
Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems

Cybersecurity News | Industry News & Leadership | Published Mar 23, 2026




Cloud Software Group has released urgent security patches for NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway), addressing two vulnerabilities that could allow remote attackers to compromise affected systems, one of them without any authentication. Organizations running customer-managed deployments are strongly urged to apply the updates immediately.

CVE-2026-3055: Critical Out-of-Bounds Read via SAML IdP

The more severe of the two flaws, CVE-2026-3055, carries a CVSS v4.0 base score of 9.3, classifying it as critical. The vulnerability stems from insufficient input validation that leads to a memory overread (CWE-125: Out-of-Bounds Read). The flaw requires no authentication and no user interaction, and has no precondition beyond one configuration requirement: the appliance must be configured as a SAML Identity Provider (IdP).

Notably, Cloud Software Group disclosed that this vulnerability was identified internally through its ongoing security review program, suggesting no active exploitation had been observed at the time of disclosure. Still, the critical severity and unauthenticated attack vector make it a high-priority patch target. Administrators can verify their exposure by checking the NetScaler running configuration (for example, the output of show ns runningConfig) for a line matching add authentication samlIdPProfile .*; if no such line is present, the appliance is not acting as a SAML IdP and is not exposed to this flaw.

CVE-2026-4368: Race Condition Causing Session Mixup

The second vulnerability, CVE-2026-4368, scores 7.7 (High) on the CVSS v4.0 scale and involves a race condition (CWE-362) that can result in user session mixup. This flaw affects appliances configured as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server.

Exploitation requires low-privilege authentication, and because the attacker must win a timing race, the CVSS v4.0 vector records Attack Requirements as Present (AT:P). Even so, successful exploitation could result in a full compromise of the confidentiality and integrity of other users' sessions, a significant risk in enterprise VPN environments. Administrators can identify exposure by checking the NetScaler configuration for either add authentication vserver .* or add vpn vserver .*.

Affected Versions and Patch

The advisory lists the following affected versions:

CVE            Affected versions
CVE-2026-3055  NetScaler ADC/Gateway 14.1 before 14.1-66.59; 13.1 before 13.1-62.23; 13.1-FIPS/NDcPP before 13.1-37.262
CVE-2026-4368  NetScaler ADC/Gateway 14.1-66.54

Cloud Software Group recommends upgrading to the following fixed releases:

NetScaler ADC and Gateway 14.1-66.59 or later
NetScaler ADC and Gateway 13.1-62.23 or later
NetScaler ADC 13.1-FIPS / NDcPP 13.1-37.262 or later

It is important to note that this advisory applies exclusively to customer-managed deployments. Citrix-managed cloud services and Adaptive Authentication instances have already been updated by Cloud Software Group.

Given that NetScaler ADC and Gateway are widely deployed at enterprise perimeters as VPN gateways and application delivery controllers, unpatched systems represent a significant attack surface. Security teams should prioritize patch deployment, particularly for SAML IdP-configured appliances, given CVE-2026-3055's critical score.
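The exposure checks and version boundaries described above, combined into one triage script. This is an added example, not code from the advisory or from Cloud Software Group: it greps a saved running config for the three configuration strings the advisory names and compares the appliance's build string against the fixed builds listed above. The sample config, the temp-file path and the "fips" flag (the caller has to say whether a 13.1 box runs the FIPS/NDcPP image, since the build string alone does not) are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not the advisory's or Cloud Software Group's code): triage a
# NetScaler running config (output of "show ns runningConfig" or /nsconfig/ns.conf)
# against the exposure conditions and fixed builds in the advisory.

FIX_14_1="14.1-66.59"         # fixed builds per the advisory
FIX_13_1="13.1-62.23"
FIX_13_1_FIPS="13.1-37.262"
AFFECTED_4368="14.1-66.54"    # the only build the advisory lists for CVE-2026-4368

# Split a four-part build string such as 14.1-66.59 into numeric fields.
ns_fields() {
  printf '%s\n' "$1" | tr '.-' '  '
}

# Exit 0 if build $1 is older than build $2, comparing field by field.
ns_build_older() {
  set -- $(ns_fields "$1") $(ns_fields "$2")
  [ "$1" -lt "$5" ] && return 0
  [ "$1" -gt "$5" ] && return 1
  [ "$2" -lt "$6" ] && return 0
  [ "$2" -gt "$6" ] && return 1
  [ "$3" -lt "$7" ] && return 0
  [ "$3" -gt "$7" ] && return 1
  [ "$4" -lt "$8" ]
}

# Exit 0 if build $1 lacks the CVE-2026-3055 fix, 1 if fixed, 2 if the release
# train is not covered here. $2 = "fips" selects the 13.1-FIPS/NDcPP train
# (assumption: the caller knows which 13.1 image is installed).
ns_vuln_3055() {
  case "$2:$1" in
    fips:13.1-*) ns_build_older "$1" "$FIX_13_1_FIPS" ;;
    *:14.1-*)    ns_build_older "$1" "$FIX_14_1" ;;
    *:13.1-*)    ns_build_older "$1" "$FIX_13_1" ;;
    *)           return 2 ;;
  esac
}

# Exit 0 if build $1 is the build the advisory lists for CVE-2026-4368.
ns_vuln_4368() { [ "$1" = "$AFFECTED_4368" ]; }

# Exit 0 if config file $1 has a line matching extended regex $2.
ns_conf_has() { grep -E -q "$2" "$1"; }

# Print one line per CVE. $1 = config file, $2 = build, $3 = "fips" or empty.
ns_triage() {
  conf=$1; build=$2; train=$3
  if ns_conf_has "$conf" '^add authentication samlIdPProfile '; then
    ns_vuln_3055 "$build" "$train" && rc=0 || rc=$?
    case $rc in 0) r3055=VULNERABLE ;; 1) r3055=FIXED ;; *) r3055=UNKNOWN_BUILD ;; esac
  else
    r3055=NOT_EXPOSED        # not a SAML IdP: the flaw's one precondition is absent
  fi
  if ns_conf_has "$conf" '^add (authentication|vpn) vserver '; then
    ns_vuln_4368 "$build" && r4368=VULNERABLE || r4368=BUILD_NOT_LISTED
  else
    r4368=NOT_EXPOSED        # neither Gateway nor AAA vserver configured
  fi
  printf 'CVE-2026-3055 %s\nCVE-2026-4368 %s\n' "$r3055" "$r4368"
}

# Constructed sample config (not from a real appliance): a Gateway vserver, an
# AAA vserver and a SAML IdP profile, so every pattern in the advisory matches.
SAMPLE_CONF=${TMPDIR:-/tmp}/ns-triage-sample.conf
cat > "$SAMPLE_CONF" <<'EOF'
add ns ip 10.0.0.10 255.255.255.0 -type SNIP
add vpn vserver gw_vs SSL 10.0.0.20 443
add authentication vserver aaa_vs SSL 10.0.0.21 443
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert
EOF

# Stand-alone run: a 14.1-66.54 appliance with this config is exposed on both counts.
ns_triage "$SAMPLE_CONF" 14.1-66.54
ns_triage "$SAMPLE_CONF" 14.1-66.59
```

The build comparison is purely numeric on the four fields of the build string, so it works for any train the advisory names, but it cannot tell a 13.1 FIPS image from a mainline 13.1 image; that is why the FIPS train is an explicit argument rather than something inferred from the version.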