Citrix Advises on Critical Vulnerabilities in NetScaler ADC and Gateway
Citrix has published a security advisory covering two vulnerabilities in NetScaler ADC and NetScaler Gateway: CVE-2026-3055, rated critical with a CVSS score of 9.3, and CVE-2026-4368, rated high with a CVSS score of 7.7. Both carry real risk given their nature, but at the time of disclosure there is no evidence of active exploitation.
The critical vulnerability, CVE-2026-3055, stems from improper input validation and can disclose sensitive information held in appliance memory to an unauthenticated remote attacker. Exploitation is only possible when the NetScaler is configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP); appliances not configured in that role are unaffected. Comparisons have been drawn between this flaw and earlier NetScaler memory disclosure vulnerabilities, but no definitive link has been established.
The second vulnerability, CVE-2026-4368, is a race condition rated high severity. It can cause unintended session behaviour, such as one user's session being mixed up with another's, and applies only when the appliance is configured as a NetScaler Gateway or as an AAA virtual server.
Defensive Context
Organizations running Citrix NetScaler ADC or Gateway should treat these vulnerabilities as a priority because of their potential to expose sensitive information and undermine session integrity. Exposure depends on configuration: appliances that do not act as a SAML IdP are not exposed to CVE-2026-3055, and appliances without Gateway or AAA virtual servers are not exposed to CVE-2026-4368.
Why This Matters
The memory disclosure and session-handling flaws described above pose a notable risk to organizations whose NetScaler appliances are deployed in the affected roles. Those with exposed configurations face serious consequences if the flaws are exploited, particularly in sectors that depend on NetScaler for secure remote access and identity management.
Defender Considerations
Organizations should determine whether their deployments meet the conditions for exploitation: for CVE-2026-3055, whether any NetScaler is configured as a SAML IdP; for CVE-2026-4368, whether Gateway or AAA virtual servers are configured. Each appliance should then be checked against the fixed builds listed below and upgraded where it falls short. Regular review of patch levels and configuration strengthens overall security posture.
Affected Versions
Affected versions include:
– NetScaler ADC & Gateway 14.1 versions prior to 14.1-66.59
– NetScaler ADC & Gateway 13.1 versions prior to 13.1-62.23
– NetScaler ADC 13.1-FIPS and 13.1-NDcPP versions prior to 13.1-37.262
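The following Python script is an added example, not code from Citrix or the advisory. It performs the two checks described under Defender Considerations offline: it compares a saved `show ns version` line against the fixed builds listed above, and scans a saved ns.conf for the statements that place the appliance in an affected role (a SAML IdP profile for CVE-2026-3055; a Gateway or AAA virtual server for CVE-2026-4368). The version-string layout, the ns.conf command names and the sample inputs are assumptions made for the example; confirm them against your own appliance output before relying on the result.

```python
"""Offline exposure check for CVE-2026-3055 / CVE-2026-4368 (added example).

Inputs are a saved `show ns version` line and a saved ns.conf.  The version
string layout (`NetScaler NS<train>: Build <major>.<minor>.nc ...`) and the
ns.conf command names are assumptions about the NetScaler CLI; verify them
against your own appliance before relying on the result.
"""
import re

# Fixed builds from the Citrix advisory, keyed by release train.
# The 13.1-FIPS and 13.1-NDcPP trains share a fix build.
FIXED_BUILDS = {
    "14.1": (66, 59),
    "13.1": (62, 23),
    "13.1-FIPS": (37, 262),
}

# Assumed shape of the build identifier inside `show ns version` output.
VERSION_RE = re.compile(r"NS(\d+\.\d+):\s*Build\s+(\d+)\.(\d+)")

# Configuration statements that place the appliance in an affected role.
SAML_IDP_RE = re.compile(r"^add authentication samlIdPProfile\b", re.M)
GATEWAY_OR_AAA_RE = re.compile(r"^add (?:vpn|authentication) vserver\b", re.M)


def parse_version(show_ns_version, fips=False):
    """Return (train, (major, minor)); `fips` selects the FIPS/NDcPP train.

    The version line does not reliably say whether a 13.1 build is the
    FIPS/NDcPP variant, so the caller supplies that (assumption)."""
    m = VERSION_RE.search(show_ns_version)
    if not m:
        raise ValueError("unrecognised version string: %r" % show_ns_version)
    train = m.group(1)
    if fips and train == "13.1":
        train = "13.1-FIPS"
    return train, (int(m.group(2)), int(m.group(3)))


def is_unpatched(show_ns_version, fips=False):
    """True if the build predates the fix, False if it is at or past the fix,
    None if the release train is not in the advisory table."""
    train, build = parse_version(show_ns_version, fips)
    fixed = FIXED_BUILDS.get(train)
    if fixed is None:
        return None
    return build < fixed  # tuple comparison: (65, 10) < (66, 59)


def exposed_roles(ns_conf):
    """Per-CVE flag for whether ns.conf puts the appliance in an affected role.

    Presence of a samlIdPProfile is a conservative signal: the profile must
    also be bound through a samlIdPPolicy to a vserver to actually act as IdP."""
    return {
        "CVE-2026-3055": bool(SAML_IDP_RE.search(ns_conf)),
        "CVE-2026-4368": bool(GATEWAY_OR_AAA_RE.search(ns_conf)),
    }


def assess(show_ns_version, ns_conf, fips=False):
    """A CVE is reachable only if the build is unpatched AND the role is
    configured.  None for every CVE means the release train is unknown."""
    unpatched = is_unpatched(show_ns_version, fips)
    roles = exposed_roles(ns_conf)
    if unpatched is None:
        return {cve: None for cve in roles}
    return {cve: unpatched and role for cve, role in roles.items()}


# Constructed sample inputs (not captured from a real appliance).
SAMPLE_VERSION = "NetScaler NS14.1: Build 65.10.nc, Date: Jan 1 2026, 00:00:00   (64-bit)"
SAMPLE_NS_CONF = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication vserver aaa_vs SSL 192.0.2.20 443
add vpn vserver gw_vs SSL 192.0.2.21 443
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert -assertionConsumerServiceURL "https://sp.example.test/acs"
add authentication samlIdPPolicy idp_pol -rule true -action idp_prof
bind authentication vserver aaa_vs -policy idp_pol -priority 100
"""

if __name__ == "__main__":
    for cve, reachable in assess(SAMPLE_VERSION, SAMPLE_NS_CONF).items():
        print(cve, "exposed" if reachable else "not exposed")
```

Run it against the output of `show ns version` and a copy of `/nsconfig/ns.conf` from each appliance. A `None` result means the release train is not covered by the advisory table and must be checked by hand; a `True` for a CVE means the appliance is both below the fixed build and configured in the role that CVE requires, so it should be upgraded first.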