Critical Citrix NetScaler & Gateway Flaws Leak Data

A critical security bulletin from Cloud Software Group warns of two newly discovered vulnerabilities impacting customer-managed NetScaler ADC and NetScaler Gateway appliances.

These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user session mixups.

Network administrators and security teams are strongly urged to apply the latest security patches immediately to prevent potential network compromise.

Citrix NetScaler and Gateway Vulnerabilities

The security bulletin outlines two distinct vulnerabilities affecting different configurations of the NetScaler appliances.

The most severe of the two flaws is CVE-2026-3055, an out-of-bounds read vulnerability caused by insufficient input validation. Earning a critical base score of 9.3, this flaw enables remote attackers to trigger a memory overread.

An out-of-bounds read allows an attacker to access memory locations beyond a buffer’s intended boundaries, potentially exposing sensitive operational data, credentials, or session tokens.

However, exploitation is conditionally restricted. The vulnerability only affects appliances explicitly configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP).

Administrators can quickly verify their exposure by checking their NetScaler configuration for the specific string add authentication samlIdPProfile .*.

The second vulnerability, CVE-2026-4368, is a race condition flaw that triggers a user session mixup. Session mixups can inadvertently transfer an active session belonging to one user to another, unintentionally exposing sensitive information or granting access.

This issue is triggered when the appliance operates as a Gateway (including SSL VPN, ICA Proxy, CVPN, and RDP Proxy) or as an Authentication, Authorization, and Auditing (AAA) virtual server.

Configuration files containing add authentication vserver .* or add vpn vserver .* indicate an exposed deployment. These vulnerabilities exclusively impact customer-managed NetScaler ADC and Gateway systems.

Cloud environments utilizing Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not at risk, as the vendor has already applied the necessary infrastructure updates.

To secure network infrastructure, cybersecurity teams must immediately upgrade affected appliances to the latest supported firmware versions.

The flaws were identified during internal security reviews by Cloud Software Group, and there are currently no indicators of active exploitation in the wild.

Regardless, the critical nature of the memory overread vulnerability necessitates rapid patching and vigilant monitoring of session integrity.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.