Citrix NetScaler ADC and NetScaler Gateway multiple vulnerabilities (CVE-2026-3055 & CVE-2026-4368)

Citrix has released a security advisory addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, tracked as CVE-2026-3055 and CVE-2026-4368. Successful exploitation may result in a memory over-read and a user session mix-up, respectively.

Citrix NetScaler ADC is a comprehensive application delivery and load balancing solution. It optimizes application performance, availability, and security by distributing, optimizing, and securing network traffic.

Citrix NetScaler Gateway is a secure remote access solution that provides a single entry point for users to access on-premises and cloud applications and resources.

CVE-2026-3055

The vulnerability has a critical severity rating with a CVSS v4.0 Base Score of 9.3. It is an out-of-bounds read vulnerability that may allow an unauthenticated remote attacker to leak potentially sensitive information from the appliance’s memory.

CVE-2026-4368

The vulnerability has a critical severity rating with a CVSS v4.0 Base Score of 7.7. This is a race condition flaw that may lead to a user session mix-up.

Pre-conditions

CVE-2026-3055

Citrix ADC or Citrix Gateway must be configured as a SAML IdP. Users can determine whether an appliance has a SAML IdP profile configured by inspecting their NetScaler configuration for the following string:

add authentication samlIdPProfile

CVE-2026-4368

Appliance must be configured as:

  • Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy)

OR

  • AAA virtual server

Users can determine whether an appliance is configured in one of these roles by inspecting their NetScaler configuration for the following strings:

  • An Auth Server (AAA Vserver):
      • add authentication vserver
  • A Gateway (VPN Vserver, ICA Proxy, CVPN, RDP Proxy):
      • add vpn vserver

Affected versions

CVE-2026-3055

  • NetScaler ADC and NetScaler Gateway 14.1 before 14.1-66.59
  • NetScaler ADC and NetScaler Gateway 13.1 before 13.1-62.23
  • NetScaler ADC FIPS and NDcPP before 13.1-37.262

CVE-2026-4368

  • NetScaler ADC and NetScaler Gateway 14.1-66.54

Mitigation

Users must upgrade to the following versions to patch the vulnerabilities:

  • NetScaler ADC and NetScaler Gateway 14.1-66.59 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 and later releases of 13.1-FIPS and 13.1-NDcPP
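The pre-condition strings above and the affected/fixed builds can be combined into a single exposure check run against a saved copy of the running configuration (for example the output of show ns runningConfig) and the appliance version. The script below is an added example written for this page, not Qualys or Citrix code; the version-string formats it accepts (the "14.1-66.54" form used in this advisory and the "NetScaler NS14.1: Build 66.54.nc" form printed by show ns version), the sample configuration excerpt, and the fips_ndcpp flag used to select the FIPS/NDcPP fixed build are assumptions.

```python
"""Exposure check for CVE-2026-3055 / CVE-2026-4368 from a NetScaler
configuration and version string.

Added example, not Qualys' or Citrix's code. The configuration strings and
build thresholds are the ones given in the advisory; the accepted version
formats, the sample config and the fips_ndcpp flag are assumptions.
"""
import re

# Configuration commands the advisory lists as pre-conditions
# (matched case-insensitively at the start of a config line).
SAML_IDP_CMD = "add authentication samlidpprofile"
AAA_VSERVER_CMD = "add authentication vserver"
VPN_VSERVER_CMD = "add vpn vserver"

# First fixed build per release line for CVE-2026-3055 (from the advisory).
FIXED_3055 = {(14, 1): (66, 59), (13, 1): (62, 23)}
FIXED_3055_FIPS = {(13, 1): (37, 262)}  # 13.1-FIPS / 13.1-NDcPP line
# The single build the advisory lists as affected by CVE-2026-4368.
AFFECTED_4368 = (14, 1, 66, 54)

# Accepts "14.1-66.54" or "NetScaler NS14.1: Build 66.54.nc" (assumed formats).
_VERSION_RE = re.compile(
    r"(?:NS)?(\d+)\.(\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)", re.IGNORECASE
)


def parse_version(text):
    """Return (major, minor, build, sub) parsed from a version string.
    Raises ValueError when no NetScaler version is found."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no NetScaler version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def config_roles(config_text):
    """Report which pre-condition commands appear in the configuration."""
    lines = [ln.strip().lower() for ln in config_text.splitlines()]

    def has(cmd):
        return any(ln.startswith(cmd) for ln in lines)

    return {
        "saml_idp": has(SAML_IDP_CMD),
        "aaa_vserver": has(AAA_VSERVER_CMD),
        "vpn_vserver": has(VPN_VSERVER_CMD),
    }


def assess(config_text, version_text, fips_ndcpp=False):
    """Return the set of CVE ids for which both the affected-version range
    and the configuration pre-condition hold on this appliance."""
    major, minor, build, sub = parse_version(version_text)
    roles = config_roles(config_text)
    findings = set()

    # CVE-2026-3055: build below the fixed build AND a SAML IdP profile present.
    table = FIXED_3055_FIPS if fips_ndcpp else FIXED_3055
    fixed = table.get((major, minor))
    if fixed and (build, sub) < fixed and roles["saml_idp"]:
        findings.add("CVE-2026-3055")

    # CVE-2026-4368: exactly 14.1-66.54 AND an AAA or VPN vserver present.
    if (major, minor, build, sub) == AFFECTED_4368 and (
        roles["aaa_vserver"] or roles["vpn_vserver"]
    ):
        findings.add("CVE-2026-4368")
    return findings


# Constructed ns.conf excerpt (not taken from a real appliance).
SAMPLE_CONFIG = """\
add ns ip 10.0.0.10 255.255.255.0 -type SNIP
add vpn vserver vpn_gw SSL 10.0.0.20 443
add authentication vserver aaa_vs SSL 10.0.0.21 443
add authentication samlIdPProfile idp_prof -samlIdPCertName cert1
"""

if __name__ == "__main__":
    for ver in ("NetScaler NS14.1: Build 66.54.nc", "14.1-66.59", "13.1-62.20"):
        print(ver, "->", sorted(assess(SAMPLE_CONFIG, ver)) or "not affected")
```

A result of "not affected" only means neither range-plus-pre-condition pair matched for the inputs given; it does not replace the vendor bulletin or a scan with the QIDs listed below, and an appliance on an affected build should still be upgraded even if the pre-condition commands are absent today.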

Please refer to the Citrix Security Bulletin (CTX696300) for more information.

Qualys Detection

Qualys customers can scan their devices with QIDs 386883 and 386882 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300