Critical Citrix NetScaler ADC and Gateway Flaws Let Attackers Remotely Execute Code
Key Takeaways
- Cloud Software Group has issued urgent patches for two critical vulnerabilities in NetScaler ADC and NetScaler Gateway.
- The most severe flaw, CVE-2026-3055, is an unauthenticated remote code execution vulnerability with a CVSS v4.0 score of 9.3, affecting appliances configured as a SAML Identity Provider (IDP).
- A second high-severity flaw, CVE-2026-4368, is a race condition leading to session mixup, affecting Gateway or AAA virtual server configurations.
- Organizations with customer-managed deployments must apply vendor-provided updates immediately to mitigate risks.
Critical Flaws in NetScaler ADC and Gateway Demand Immediate Patching
Cloud Software Group has released urgent security updates for its NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. The patches address two significant vulnerabilities, one of which allows unauthenticated remote attackers to execute arbitrary code on affected systems. The vendor is urging all organizations that manage their own deployments to apply the updates without delay.
CVE-2026-3055: Critical Out-of-Bounds Read via SAML IDP
The more severe of the two security defects, identified as CVE-2026-3055, has been assigned a critical CVSS v4.0 base score of 9.3. This vulnerability is categorized as an out-of-bounds read (CWE-125) resulting from inadequate input validation. Exploitation of this flaw requires no prior authentication, no user interaction, and no specialized preconditions other than the appliance being configured as a SAML Identity Provider (IDP).
Cloud Software Group stated that this vulnerability was discovered during internal security audits, and there was no evidence of active exploitation at the time of public disclosure. Nevertheless, its critical severity and unauthenticated attack vector make it a high-priority target for patching. Administrators can confirm potential exposure by searching their NetScaler configuration for the string `add authentication samlIdPProfile .*`.
CVE-2026-4368: Race Condition Causing Session Mixup
The second vulnerability, CVE-2026-4368, carries a CVSS v4.0 score of 7.7, classifying it as high severity. This flaw involves a race condition (CWE-362) that can lead to the mixing of user sessions. It impacts appliances configured as a Gateway (supporting SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. While exploitation requires low-privilege authentication and a specific timing condition (CVSS v4.0 Attack Requirements: Present, AT:P), a successful attack could compromise the confidentiality and integrity of user sessions, posing a substantial risk in enterprise VPN environments.
Administrators can ascertain whether their systems are vulnerable by checking NetScaler configurations for either `add authentication vserver .*` or `add vpn vserver .*`.
Affected Versions and Patch Guidance
The vulnerabilities impact several versions of NetScaler ADC and Gateway. Organizations must ensure they upgrade to the patched releases provided by Cloud Software Group.
| CVE | Affected Version |
|---|---|
| CVE-2026-3055 | NetScaler ADC/Gateway 14.1 before 14.1-66.59; 13.1 before 13.1-62.23; FIPS/NDcPP before 13.1-37.262 |
| CVE-2026-4368 | NetScaler ADC/Gateway 14.1-66.54 |
Cloud Software Group advises upgrading to the following fixed versions:
- NetScaler ADC and Gateway 14.1-66.59 or later
- NetScaler ADC and Gateway 13.1-62.23 or later
- NetScaler ADC 13.1-FIPS / NDcPP 13.1-37.262 or later
This advisory applies specifically to customer-managed deployments; Cloud Software Group has already applied the necessary updates to Citrix-managed cloud services and Adaptive Authentication instances. Given how widely NetScaler ADC and Gateway are deployed as critical components in enterprise perimeters for VPN and application delivery, unpatched systems present a significant attack surface. Security teams should prioritize deployment of these patches, especially on appliances configured as SAML IDPs, given the critical nature of CVE-2026-3055. Further details can be found in the official advisory.
What You Should Do
- Immediately Apply Patches: Upgrade all affected customer-managed NetScaler ADC and Gateway instances to the recommended fixed versions as soon as possible.
- Verify SAML IDP Configuration: Check your NetScaler configurations for the string `add authentication samlIdPProfile .*` to identify exposure to CVE-2026-3055.
- Verify Gateway/AAA Configuration: Inspect configurations for `add authentication vserver .*` or `add vpn vserver .*` to determine exposure to CVE-2026-4368.
- Review Network Segmentation: Ensure that critical systems are segmented to limit the potential impact if an unpatched NetScaler device is compromised.
- Monitor for Exploitation Attempts: Implement enhanced monitoring for suspicious activity originating from or targeting NetScaler appliances.
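A defender-side exposure check that combines the two configuration searches above with the fixed-build list, as an added example (not code from the advisory or the vendor). It assumes the configuration is supplied as ns.conf-style text and the running version as a release-build string of the form used in the advisory (for example 14.1-66.54), and it treats any release train the advisory does not list as unpatched.

```python
import re
from typing import Dict, List, Tuple

# Config lines quoted in the advisory; a match means the affected feature is configured.
EXPOSURE_PATTERNS: Dict[str, List[str]] = {
    "CVE-2026-3055": [r"^add authentication samlIdPProfile .*"],
    "CVE-2026-4368": [r"^add authentication vserver .*", r"^add vpn vserver .*"],
}
# Fixed builds per release train from the advisory; FIPS/NDcPP builds are keyed apart.
FIXED_BUILDS: Dict[str, str] = {
    "14.1": "14.1-66.59", "13.1": "13.1-62.23", "13.1-FIPS": "13.1-37.262",
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '14.1-66.54' into (14, 1, 66, 54) for numeric comparison."""
    m = re.fullmatch(r"(\d+)\.(\d+)-(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version string: {v!r}")
    return tuple(int(x) for x in m.groups())

def is_patched(version: str, fips: bool = False) -> bool:
    """True when the running build is at or above the fixed build of its train."""
    parsed = parse_version(version)
    train = f"{parsed[0]}.{parsed[1]}"
    key = "13.1-FIPS" if fips and train == "13.1" else train
    if key not in FIXED_BUILDS:
        return False  # train not covered by the advisory: treat as unpatched
    return parsed >= parse_version(FIXED_BUILDS[key])

def exposed_cves(config_text: str) -> Dict[str, List[str]]:
    """Map each CVE to the config lines that make the appliance exposed to it."""
    hits: Dict[str, List[str]] = {}
    for cve, patterns in EXPOSURE_PATTERNS.items():
        matched = [ln for ln in config_text.splitlines()
                   if any(re.match(p, ln.strip()) for p in patterns)]
        if matched:
            hits[cve] = matched
    return hits

def assess(config_text: str, version: str, fips: bool = False) -> Dict[str, str]:
    """Per-CVE verdict: 'EXPOSED', 'patched' or 'not configured'."""
    exposure, patched = exposed_cves(config_text), is_patched(version, fips)
    return {cve: ("patched" if patched else "EXPOSED") if cve in exposure
            else "not configured" for cve in EXPOSURE_PATTERNS}

# Constructed ns.conf-style fragment (not a real appliance dump).
SAMPLE_CONFIG = """\
add authentication samlIdPProfile idp_corp -samlIdPCertName idp_cert
add vpn vserver vpn_corp SSL 203.0.113.10 443
add lb vserver web_lb HTTP 10.0.0.5 80
"""
```

Run `assess(config_text, version)` against a saved configuration and the build reported by the appliance; a verdict of `EXPOSED` means the vulnerable feature is configured and the build is below the fixed release for its train.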
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.