Cloud Software Group has released a security advisory for customer-managed NetScaler ADC and NetScaler Gateway deployments. The bulletin covers two vulnerabilities, one of them rated critical, that could expose affected appliances to serious attacks.
The flaws are tracked as CVE-2026-3055 and CVE-2026-4368. The first can allow an attacker to read sensitive data from appliance memory; the second can cause sessions to be mixed up between users, leading to unauthorized access.
Administrators are advised to update affected systems as soon as possible; closing these flaws promptly is essential to keeping the network secure.
What Is CVE-2026-3055?
CVE-2026-3055 is the more serious of the two vulnerabilities, with a CVSS v4.0 score of 9.3, which places it in the critical range.
The flaw stems from improper input validation that can lead to an out-of-bounds memory read. In practice, this means an attacker may be able to read data from the appliance's memory that was never meant to be exposed.
The issue affects an appliance only when NetScaler ADC or Gateway is configured as a SAML Identity Provider (IdP). If no SAML IdP is configured, the appliance is not exposed to this flaw.
What Is CVE-2026-4368?
The second issue, CVE-2026-4368, is rated high severity with a CVSS v4.0 score of 7.7.
This vulnerability is caused by a race condition that can result in a session mix-up: one user's session may be wrongly assigned or exposed to another user. Depending on the deployment, this could affect administrative as well as ordinary user sessions.
An appliance is at risk only if it is configured as:
- AAA virtual server
- NetScaler Gateway
Gateway deployments that may be affected include:
- SSL VPN
- ICA Proxy
- Clientless VPN (CVPN)
- RDP Proxy
Affected NetScaler Versions
According to the advisory, the vulnerabilities affect only customer-managed NetScaler environments. Customers of Citrix-managed cloud services and Adaptive Authentication do not need to take action, as those services are updated automatically.
The impacted versions, grouped by CVE, are:
- CVE-2026-3055: NetScaler ADC and Gateway 14.1 before 14.1-66.59
- CVE-2026-3055: NetScaler ADC and Gateway 13.1 before 13.1-62.23
- CVE-2026-3055: NetScaler ADC FIPS and NetScaler ADC NDcPP before 13.1-37.262
- CVE-2026-4368: NetScaler ADC and Gateway 14.1-66.54
Note that the advisory lists CVE-2026-4368 only for the single build 14.1-66.54; no 13.1 builds are listed for it.
Patched Versions
Cloud Software Group recommends upgrading affected systems immediately to the latest secure builds.
The patched versions are:
- 14.1-66.59
- 13.1-62.23
- 13.1-37.262 for FIPS and NDcPP editions
Updating to these versions is the best way to reduce the risk.
How to Check If Your System Is Exposed
Administrators can inspect the NetScaler configuration file (ns.conf) to see whether the vulnerable features are enabled.
To check for exposure to CVE-2026-3055, search for:
- add authentication samlIdPProfile
This helps confirm whether the appliance is configured as a SAML IdP.
To check for exposure to CVE-2026-4368, search for:
- add authentication vserver for AAA virtual servers
- add vpn vserver for Gateway configurations
If either entry is present, the appliance may be exposed; whether it actually is depends on the build it runs and on which Gateway features are in use.
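The configuration checks above and the build thresholds from the version list can be combined into one offline script. The following is an added example written for this page, not a tool from Cloud Software Group or from the advisory. It assumes the configuration is a saved ns.conf (on an appliance, /nsconfig/ns.conf) and that the version string has the "NetScaler NS14.1: Build 66.54.nc, ..." shape printed by the show ns version command; the sample configuration lines it writes are constructed, not a real appliance dump.

```shell
#!/bin/sh
# Added example (not from the advisory): offline exposure check for
# CVE-2026-3055 and CVE-2026-4368 against a saved NetScaler config and a
# version string. Assumptions: the config is ns.conf as saved on the
# appliance (/nsconfig/ns.conf), and the version string has the
# "NetScaler NS14.1: Build 66.54.nc, ..." shape printed by "show ns version".

# CVE-2026-3055 exposure: the appliance is configured as a SAML IdP.
check_saml_idp() {
    grep -q '^add authentication samlIdPProfile ' "$1"
}

# CVE-2026-4368 exposure: an AAA vserver or a Gateway (vpn) vserver exists.
check_aaa_or_gateway() {
    grep -Eq '^add (authentication|vpn) vserver ' "$1"
}

# Extract "<release> <build>" (e.g. "14.1 66.54") from a show-ns-version line.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*NS\([0-9]*\.[0-9]*\): Build \([0-9]*\.[0-9]*\).*/\1 \2/p'
}

# Is <release> <build> [edition] at or above the fixed build for CVE-2026-3055?
# Prints "patched" or "vulnerable" ("unknown" for a release the advisory does
# not list). Edition is "standard" (default), "fips" or "ndcpp".
fixed_for_3055() {
    release=$1 build=$2 edition=${3:-standard}
    case "$release/$edition" in
        14.1/standard)        min=66.59 ;;
        13.1/standard)        min=62.23 ;;
        13.1/fips|13.1/ndcpp) min=37.262 ;;
        *) echo unknown; return 2 ;;
    esac
    # Builds are "major.minor"; compare each part as an integer, not as a string.
    if [ "${build%%.*}" -gt "${min%%.*}" ] ||
       { [ "${build%%.*}" -eq "${min%%.*}" ] && [ "${build#*.}" -ge "${min#*.}" ]; }; then
        echo patched; return 0
    fi
    echo vulnerable; return 1
}

# The advisory lists CVE-2026-4368 only for build 14.1-66.54.
affected_by_4368() {
    [ "$1" = "14.1" ] && [ "$2" = "66.54" ]
}

# Summarise one appliance: config path, version string, optional edition.
report() {
    conf=$1 ver=$2 edition=${3:-standard}
    set -- $(parse_version "$ver")
    release=$1 build=$2
    if check_saml_idp "$conf"; then
        echo "SAML IdP configured: CVE-2026-3055 build status = $(fixed_for_3055 "$release" "$build" "$edition")"
    else
        echo "SAML IdP not configured: not exposed to CVE-2026-3055"
    fi
    if check_aaa_or_gateway "$conf"; then
        if affected_by_4368 "$release" "$build"; then
            echo "AAA/Gateway vserver on $release-$build: affected by CVE-2026-4368"
        else
            echo "AAA/Gateway vserver on $release-$build: build not listed for CVE-2026-4368"
        fi
    fi
}

# Constructed sample config (not a real appliance dump) for a stand-alone run.
sample_config() {
    cat <<'EOF' > "$1"
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert -assertionConsumerServiceURL https://sp.example.test/acs
add vpn vserver gw_vs SSL 192.0.2.10 443
add lb vserver web_vs HTTP 192.0.2.11 80
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    sample_config "$tmp"
    report "$tmp" "NetScaler NS14.1: Build 66.54.nc, Date: Jan 1 2026"
    rm -f "$tmp"
fi
```

Run the script with --demo to exercise it against the constructed config; on a real appliance, copy ns.conf off the box and pass the output of show ns version as the second argument to report. The feature checks tell you whether the vulnerable code path is reachable at all, and the build check tells you whether the advisory's fix is present; both matter, because the advisory scopes each CVE by feature and by build.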
These vulnerabilities are important because they affect systems that often handle authentication, remote access, and sensitive network traffic. A successful attack could expose confidential data or allow session-related abuse.
Organizations using customer-managed NetScaler ADC or Gateway appliances should review their configurations and apply updates without delay.
Final Thoughts
The newly disclosed NetScaler vulnerabilities show why timely patching and configuration review remain critical for network security. Since these flaws can impact sensitive sessions and memory handling, administrators should act quickly to secure affected appliances.
For organizations running exposed NetScaler services, delaying updates could increase the risk of compromise.