Cloud Software Group has put out urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). These patches fix two serious flaws that could let remote attackers get into affected systems without being authenticated. Companies with customer-managed deployments should apply the updates right away.

CVE-2026-3055: Critical Out-of-Bounds Read via SAML IDP

CVE-2026-3055 is the more serious of the two problems. It has a CVSS v4.0 base score of 9.3, which makes it critical. The flaw stems from insufficient input validation, which leads to a memory over-read (CWE-125: Out-of-Bounds Read). It needs no authentication, no user interaction, and no special conditions other than one important configuration requirement: the appliance must be set up as a SAML Identity Provider (IDP).

Cloud Software Group said that this vulnerability was found internally through its ongoing security review program, which means that no active exploitation had been seen at the time of disclosure. Even so, the fact that it is critical and requires no privileges makes it a high-priority patch target. Administrators can confirm their exposure by checking the NetScaler configuration for the string "add authentication samlIdPProfile".

CVE-2026-4368: Race Condition Causing Session Mixup

The second vulnerability, CVE-2026-4368, has a CVSS v4.0 score of 7.7 (High) and is a race condition (CWE-362) that can cause user sessions to get mixed up. This flaw affects appliances that are set up as an AAA virtual server or as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy).

It needs low-privilege authentication and a timing condition to be met (CVSS v4.0 Attack Requirements: Present, AT:P), but if it works, it could completely compromise the confidentiality and integrity of user sessions, which is a big risk in enterprise VPN environments. Administrators can find out whether they are exposed by checking the NetScaler configuration for either "add authentication vserver" or "add vpn vserver".

Affected versions and the patch

The following versions are affected by the vulnerabilities:

CVE-2026-3055:
- NetScaler ADC/Gateway 14.1 before 14.1-66.59
- NetScaler ADC/Gateway 13.1 before 13.1-62.23
- NetScaler ADC 13.1-FIPS / NDcPP before 13.1-37.262

CVE-2026-4368:
- NetScaler ADC/Gateway 14.1-66.54

Cloud Software Group recommends upgrading to the following fixed releases:
- NetScaler ADC and Gateway 14.1-66.59 or later
- NetScaler ADC and Gateway 13.1-62.23 or later
- NetScaler ADC 13.1-FIPS / NDcPP 13.1-37.262 or later

Please note that this advisory only applies to deployments that are managed by the customer.
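As an added example (not from the advisory and not Cloud Software Group's own tooling), the following Python check combines the configuration strings named above with the affected and fixed builds as this summary lists them. The sample ns.conf lines and the accepted version-string formats are constructed assumptions; release branches the advisory does not mention are not assessed.

```python
import re

# Affected and fixed builds exactly as the advisory summary above lists them.
# Builds are compared as (major, minor) tuples within a release branch.
FIXED_CVE_2026_3055 = {
    "14.1": (66, 59),        # 14.1 before 14.1-66.59 is affected
    "13.1": (62, 23),        # 13.1 before 13.1-62.23 is affected
    "13.1-FIPS": (37, 262),  # 13.1-FIPS / NDcPP before 13.1-37.262 is affected
}
AFFECTED_CVE_2026_4368 = {("14.1", (66, 54))}  # the one build named above

# Configuration lines that enable each vulnerable feature (from the advisory).
SAML_IDP = "add authentication samlIdPProfile"
AAA_VSERVER = "add authentication vserver"
VPN_VSERVER = "add vpn vserver"

# Constructed sample ns.conf excerpt: a SAML IdP profile plus AAA and Gateway vservers.
SAMPLE_CONFIG = """\
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert
add authentication vserver aaa_vs SSL 10.0.0.5 443
add vpn vserver gw_vs SSL 10.0.0.6 443
"""

def parse_version(version, fips=False):
    """Accept '14.1-66.54' or 'NS14.1: Build 66.54.nc' (assumed formats); return (branch, (major, minor))."""
    m = re.search(r"(\d+\.\d+)\D+(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {version!r}")
    branch = m.group(1) + ("-FIPS" if fips else "")
    return branch, (int(m.group(2)), int(m.group(3)))

def exposure(version, config, fips=False):
    """Report which of the two CVEs applies, given the running build and the config text."""
    branch, build = parse_version(version, fips)
    lines = [l.strip() for l in config.splitlines()]
    saml_idp = any(l.startswith(SAML_IDP) for l in lines)
    aaa_or_gateway = any(l.startswith((AAA_VSERVER, VPN_VSERVER)) for l in lines)
    fixed = FIXED_CVE_2026_3055.get(branch)  # branches not in the advisory are not assessed
    return {
        "branch": branch,
        "build": build,
        "CVE-2026-3055": saml_idp and fixed is not None and build < fixed,
        "CVE-2026-4368": aaa_or_gateway and (branch, build) in AFFECTED_CVE_2026_4368,
    }

if __name__ == "__main__":
    for v in ("14.1-66.54", "14.1-66.59"):
        print(v, exposure(v, SAMPLE_CONFIG))
```

On a real appliance the inputs would be the output of "show version" and the contents of /nsconfig/ns.conf rather than the constructed sample.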

Cloud Software Group has already updated Citrix-managed cloud services and Adaptive Authentication instances. Because NetScaler ADC and Gateway are commonly used as VPN and application delivery controllers on business networks, systems that aren't patched are very vulnerable to attacks. Because CVE-2026-3055 has a critical score, security teams should make patch deployment a top priority, especially for appliances configured as SAML IDPs.
