By rssfeeds-admin 
Organizations running customer-managed deployments are strongly urged to apply the updates immediately.
CVE-2026-3055: Critical Out-of-Bounds Read via SAML IDP
The more severe of the two flaws, CVE-2026-3055, carries a CVSS v4.0 base score of 9.3, classifying it as critical. The vulnerability stems from insufficient input validation that leads to a memory overread condition (CWE-125: Out-of-Bounds Read).
The flaw requires no authentication, no user interaction, and no special preconditions beyond one key configuration requirement: the appliance must be configured as a SAML Identity Provider (IDP).
Notably, Cloud Software Group disclosed that this vulnerability was identified internally through its ongoing security review program, suggesting no active exploitation had been observed at the time of disclosure.
Still, the critical severity and zero-privilege attack vector make it a high-priority patch target. Administrators can verify their exposure by checking the NetScaler configuration for the string add authentication samlIdPProfile .*.
CVE-2026-4368: Race Condition Causing Session Mixup
The second vulnerability, CVE-2026-4368, scores 7.7 (High) on the CVSS v4.0 scale and involves a race condition (CWE-362) that can result in user session mixup.
This flaw affects appliances configured as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. While it requires low-privilege authentication and an adjacent timing condition (AT:P), successful exploitation could result in a full compromise of user sessions’ confidentiality and integrity, a significant risk in enterprise VPN environments.
Administrators can identify exposure by checking NetScaler configurations for either add authentication vserver .* or add vpn vserver .*.
Affected Versions and Patch
The vulnerabilities affect the following versions:
| CVE | Affected Version |
|---|---|
| CVE-2026-3055 | NetScaler ADC/Gateway 14.1 before 14.1-66.59; 13.1 before 13.1-62.23; FIPS/NDcPP before 13.1-37.262 |
| CVE-2026-4368 | NetScaler ADC/Gateway 14.1-66.54 |
Cloud Software Group recommends upgrading to the following fixed releases:
- NetScaler ADC and Gateway 14.1-66.59 or later
- NetScaler ADC and Gateway 13.1-62.23 or later
- NetScaler ADC 13.1-FIPS / NDcPP 13.1.37.262 or later
It is important to note that this advisory applies exclusively to customer-managed deployments. Citrix-managed cloud services and Adaptive Authentication instances have already been updated by Cloud Software Group.
Given that NetScaler ADC and Gateway are widely deployed in enterprise perimeters as VPN and application delivery controllers, unpatched systems represent a significant attack surface.
Security teams should prioritize patch deployment, particularly for SAML IDP-configured appliances, given CVE-2026-3055’s critical score.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.