
【Vulnerability Alert】 CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/30–2026/04/05)

Publish date: 2026-04-13
Update date: 2026-04-13

Source: Ministry of education information & communication security contingency platform


Publication Number: TACERT-ANA-2026041002044343
Publication Time: 2026/04/10 14:24
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2026/04/10 14:24
Impact Level: Low
[Subject]
【Vulnerability Alert】 CISA Added 3 Known Exploited Vulnerabilities to the KEV Catalog (2026/03/30–2026/04/05)
[Content]
Forwarded from TWCERTCC-200-202604-00000005

【CVE-2026-3055】Citrix NetScaler Out-of-Bounds Read Vulnerability (CVSS v3.1: 9.8)
【Ransomware Exploitation: Unknown】 Citrix NetScaler ADC, NetScaler Gateway, and NetScaler ADC FIPS and NDcPP contain an Out-of-Bounds Read vulnerability when configured as a SAML IDP, which may result in excessive memory read.

【CVE-2026-5281】Google Dawn Use-After-Free Vulnerability (CVSS v3.1: 8.8)
【Ransomware Exploitation: Unknown】 Google Dawn contains a Use-After-Free vulnerability, which may allow a remote attacker who has already compromised the renderer process to execute arbitrary code through a specially crafted HTML page. This vulnerability may affect multiple Chromium-based products, including but not limited to Google Chrome, Microsoft Edge, and Opera.

【CVE-2026-3502】TrueConf Client Download of Code Without Integrity Check Vulnerability (CVSS v3.1: 7.8)
【Ransomware Exploitation: Unknown】 TrueConf Client contains a vulnerability involving the download of code without an integrity check. If an attacker is able to influence the update delivery path, the attacker may replace the update payload with a tampered one. Once the updater executes or installs the tampered payload, this may result in arbitrary code execution with the privileges of the update process or the user.


(Information Sharing Level: WHITE (information content can be publicly disclosed))
[Affected Platform]

【CVE-2026-3055】Please refer to the affected versions listed on the official website: https://support.citrix.com/support-home/home

【CVE-2026-5281】Please refer to the affected versions listed on the official website: https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

【CVE-2026-3502】TrueConf versions 8.1.0 to 8.5.2 (inclusive)

[Recommended Actions]

【CVE-2026-3055】A security fix for this vulnerability has been released by the official vendor. Please update to the relevant version. https://support.citrix.com/support-home/home

【CVE-2026-5281】A security fix for this vulnerability has been released by the official vendor. Please update to the relevant version. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_31.html

【CVE-2026-3502】Please upgrade the affected product to the following version or later: TrueConf 8.5.3.884
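
For the CVE-2026-3502 guidance above, a version triage sketch, added here as an example and not part of the original notification: it sorts TrueConf Client versions from an inventory against the affected range (8.1.0 to 8.5.2 inclusive) and the recommended 8.5.3.884. The host names and build numbers are constructed, and two choices are assumptions of this example: any four-part build of an affected release counts as affected, and an 8.5.3 build older than .884 is reported as "below-fixed".

```python
import re

AFFECTED_MIN = (8, 1, 0)        # advisory: first affected release
AFFECTED_MAX = (8, 5, 2)        # advisory: last affected release (inclusive)
FIXED = (8, 5, 3, 884)          # advisory: upgrade to this version or later


def parse_version(text):
    """Turn '8.5.2.871' into (8, 5, 2, 871); reject anything non-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))


def classify(version_text):
    """Return 'affected', 'below-fixed', 'fixed' or 'out-of-range'."""
    v = parse_version(version_text)
    release = (v + (0, 0))[:3]          # major.minor.patch, build number dropped
    if AFFECTED_MIN <= release <= AFFECTED_MAX:
        return "affected"               # assumption: any build of 8.1.0 .. 8.5.2
    if (v + (0, 0, 0))[:4] >= FIXED:
        return "fixed"
    if release > AFFECTED_MAX:
        return "below-fixed"            # e.g. an 8.5.3 build older than .884
    return "out-of-range"               # older than 8.1.0, not listed as affected


def triage(inventory):
    """Group hosts by classification; unparseable rows go to 'unknown'."""
    result = {}
    for host, version_text in inventory:
        try:
            status = classify(version_text)
        except ValueError:
            status = "unknown"          # never silently treat bad data as safe
        result.setdefault(status, []).append(host)
    return result


# Constructed sample inventory (host names and builds are made up).
SAMPLE = [
    ("lab-pc-01", "8.1.0"), ("lab-pc-02", "8.5.2.871"),
    ("lab-pc-03", "8.5.3.100"), ("lab-pc-04", "8.5.3.884"),
    ("lab-pc-05", "8.0.4"), ("lab-pc-06", "n/a"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Hosts reported as "unknown" or "below-fixed" need a manual check, since the notification only lists 8.1.0 to 8.5.2 as affected and 8.5.3.884 as the upgrade target.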

[Reference]
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center