Organizations running customer-managed deployments are strongly urged to apply the updates immediately.
The more severe of the two flaws, CVE-2026-3055, carries a CVSS v4.0 base score of 9.3, classifying it as critical. The vulnerability stems from insufficient input validation that leads to a memory overread condition (CWE-125: Out-of-Bounds Read).
The flaw requires no authentication, no user interaction, and no special preconditions beyond one key configuration requirement: the appliance must be configured as a SAML Identity Provider (IDP).
Notably, Cloud Software Group disclosed that this vulnerability was identified internally through its ongoing security review program, suggesting no active exploitation had been observed at the time of disclosure.
Still, the critical severity and zero-privilege attack vector make it a high-priority patch target. Administrators can verify their exposure by checking the NetScaler configuration for the string add authentication samlIdPProfile .*.
The second vulnerability, CVE-2026-4368, scores 7.7 (High) on the CVSS v4.0 scale and involves a race condition (CWE-362) that can result in user session mixup.
This flaw affects appliances configured as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. While it requires low-privilege authentication and an adjacent timing condition (AT:P), successful exploitation could result in a full compromise of user sessions’ confidentiality and integrity, a significant risk in enterprise VPN environments.
Administrators can identify exposure by checking NetScaler configurations for either add authentication vserver .* or add vpn vserver .*.
The vulnerabilities affect the following versions:
| CVE | Affected Version |
|---|---|
| CVE-2026-3055 | NetScaler ADC/Gateway 14.1 before 14.1-66.59; 13.1 before 13.1-62.23; FIPS/NDcPP before 13.1-37.262 |
| CVE-2026-4368 | NetScaler ADC/Gateway 14.1-66.54 |
Cloud Software Group recommends upgrading to the following fixed releases:
It is important to note that this advisory applies exclusively to customer-managed deployments. Citrix-managed cloud services and Adaptive Authentication instances have already been updated by Cloud Software Group.
Given that NetScaler ADC and Gateway are widely deployed in enterprise perimeters as VPN and application delivery controllers, unpatched systems represent a significant attack surface.
Security teams should prioritize patch deployment, particularly for SAML IDP-configured appliances, given CVE-2026-3055’s critical score.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Critical NetScaler ADC and Gateway Vulnerabilities Enable Remote Attacks on Affected Systems appeared first on Cyber Security News.
Gov. Bill Lee greets President Donald Trump during Trump's March 23, 2026 visit to Memphis…
There are many reasons why an electric scooter might be a better fit for you…
Disney has revealed the official trailer for its live-action reimagining of Moana, and it features…
Magic: The Gathering’s Teenage Mutant Ninja Turtle set feels like it just came out (because,…
BIG COUNTRY, Texas (KTAB/KRBC) - Digital Anchor Brittany Pelletz provides an early update on some…
Jason Groves, Senior Vice President and Marketing Director for Clear Fork Bank, shares his personal…
This website uses cookies.