Citrix has launched security updates to handle two vulnerabilities in NetScaler ADC and NetScaler Gateway, together with a vital flaw that may very well be exploited to leak delicate information from the applying.
The vulnerabilities are listed beneath –
- CVE-2026-3055 (CVSS rating: 9.3) – Inadequate enter validation resulting in reminiscence overread
- CVE-2026-4368 (CVSS rating: 7.7) – Race situation resulting in consumer session mixup
Cybersecurity firm Rapid7 stated that CVE-2026-3055 refers to an out-of-bounds learn that may very well be exploited by unauthenticated distant attackers to leak probably delicate info from the equipment’s reminiscence.
Nonetheless, for exploitation to achieve success, the Citrix ADC or Citrix Gateway equipment should be configured as a SAML Identification Supplier (SAML IDP), which implies default configurations are unaffected. To find out if the machine has been configured as a SAML IDP Profile, Citrix is urging prospects to examine their NetScaler Configuration for the desired string: “add authentication samlIdPProfile .*”
CVE-2026-4368, however, requires the equipment to be configured as a gateway (i.e., SSL VPN, ICA Proxy, CVPN, and RDP Proxy) or an Authentication, Authorization, and Accounting (AAA) server. Clients can examine the NetScaler Configuration to establish if their units have been configured as both of the nodes –
- AAA digital server – add authentication vserver .*
- Gateway – add vpn vserver .*
The vulnerabilities have an effect on NetScaler ADC and NetScaler Gateway variations 14.1 earlier than 14.1-66.59 and 13.1 earlier than 13.1-62.23, in addition to NetScaler ADC 13.1-FIPS and 13.1-NDcPP earlier than 13.1-37.262. Customers are suggested to use the newest updates as quickly as doable for optimum safety.
Whereas there isn’t any proof that the shortcomings have been exploited within the wild, security flaws in NetScaler units have been repeatedly exploited by menace actors (CVE-2023-4966, aka Citrix Bleed, CVE-2025-5777, aka Citrix Bleed 2, CVE-2025-6543, and CVE-2025-7775), making it crucial that customers take steps to replace their cases.
“CVE-2026-3055 permits unauthenticated attackers to leak and browse delicate reminiscence from NetScaler ADC deployments. If it sounds acquainted, it is as a result of it’s – this vulnerability sounds suspiciously much like Citrix Bleed and Citrix Bleed 2, which proceed to characterize a trauma occasion for a lot of,” watchTowr CEO and founder Benjamin Harris informed The Hacker Information.
“NetScalers are vital options which were repeatedly focused for preliminary entry into enterprise environments. Whereas the advisory simply went stay, defenders have to act shortly. Anybody working impacted variations must patch urgently. Imminent exploitation is very doubtless.”
