Print - 【Vulnerability Alert】 CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/30

【Vulnerability Alert】 CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/30–2026/04/05)

publish date : 2026-04-13 update date : 2026-04-13

Source: Ministry of education information & communication security contingency platform

"" "" ""


Publication Number	TACERT-ANA-2026041002044343	Publication Time	2026/04/10 14:24
Incident Type	ANA-Vulnerability Alert	Discovery Time	2026/04/10 14:24
Impact Level	Low
[Subject] 【Vulnerability Alert】 CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/30–2026/04/05)
[Content] Forwarded from TWCERTCC-200-202604-00000005 【CVE-2026-3055】Citrix NetScaler Out-of-Bounds Read Vulnerability (CVSS v3.1: 9.8) 【Ransomware Exploitation: Unknown】 Citrix NetScaler ADC, NetScaler Gateway, and NetScaler ADC FIPS and NDcPP contain an Out-of-Bounds Read vulnerability when configured as a SAML IDP, which may result in excessive memory read. 【CVE-2026-5281】Google Dawn Use-After-Free Vulnerability (CVSS v3.1: 8.8) 【Ransomware Exploitation: Unknown】 Google Dawn contains a Use-After-Free vulnerability, which may allow a remote attacker who has already compromised the renderer process to execute arbitrary code through a specially crafted HTML page. This vulnerability may affect multiple Chromium-based products, including but not limited to Google Chrome, Microsoft Edge, and Opera. 【CVE-2026-3502】TrueConf Client Download of Code Without Integrity Check Vulnerability (CVSS v3.1: 7.8) 【Ransomware Exploitation: Unknown】 TrueConf Client contains a vulnerability involving the download of code without an integrity check. If an attacker is able to influence the update delivery path, the attacker may replace the update payload with a tampered one. Once executed or installed by the updater, it may result in arbitrary code execution within the privileges of the update process or the user. (Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform] 【CVE-2026-3055】Please refer to the affected versions listed on the official website: https://support.citrix.com/support-home/home 【CVE-2026-5281】Please refer to the affected versions listed on the official website: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html 【CVE-2026-3502】TrueConf versions 8.1.0 to 8.5.2 (inclusive)
[Recommended Actions] 【CVE-2026-3055】A security fix for this vulnerability has been released by the official vendor. Please update to the relevant version. https://support.citrix.com/support-home/home 【CVE-2026-5281】A security fix for this vulnerability has been released by the official vendor. Please update to the relevant version. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html 【CVE-2026-3502】Please upgrade the affected product to the following version or later: TrueConf 8.5.3.884
[Reference]

(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw

Organizer: Computer Center