Immediate Action Required: Critical NetScaler Vulnerability Exposes Sensitive Memory Data
Citrix has released a security advisory addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical vulnerability tracked as CVE-2026-3055 (CVSS score: 9.3) and a high-severity vulnerability tracked as CVE-2026-4368 (CVSS score: 7.7).
Citrix has released a security advisory addressing two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical vulnerability tracked as CVE-2026-3055 (CVSS score: 9.3) and a high-severity vulnerability tracked as CVE-2026-4368 (CVSS score: 7.7).
The critical flaw could allow unauthenticated attackers to access sensitive information from memory under specific configurations. While there is no evidence of active exploitation at the time of disclosure, security experts have indicated that exploitation is likely based on the nature of the vulnerability.
Technical Details
CVE-2026-3055 (Critical: CVSS 9.3)
- Type: Memory overread (out-of-bounds read)
- Access: Remote, unauthenticated
- Impact: Disclosure of sensitive information from memory
This vulnerability arises due to improper input validation, which may allow an attacker to read unintended portions of memory.
Important condition:
- The vulnerability is only exploitable when NetScaler is configured as a SAML Identity Provider (IdP)
- Systems not configured as a SAML IdP are not affected by this issue
Security researchers have noted that the behavior of this flaw has been compared to previously observed NetScaler vulnerabilities involving memory disclosure, though no exact equivalence has been formally established.
CVE-2026-4368 (High: CVSS 7.7)
- Type: Race condition
- Impact: Potential for unintended session behavior (e.g., session mix-ups)
This vulnerability is relevant only when the appliance is configured in one of the following roles:
- NetScaler Gateway (including VPN, ICA Proxy, CVPN, or RDP Proxy)
- AAA virtual server
Affected Versions
The following versions of NetScaler ADC and Gateway are affected:
- NetScaler ADC & Gateway 14.1 versions prior to 14.1-66.59
- NetScaler ADC & Gateway 13.1 versions prior to 13.1-62.23
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP versions prior to 13.1-37.262
Solution and Mitigations
1. Apply Security Updates
Citrix has released patched versions addressing both vulnerabilities:
- 14.1-66.59 and later
- 13.1-62.23 and later
- 13.1-37.262 and later (FIPS / NDcPP)
Applying these updates is the primary and recommended mitigation.
2. Verify Configuration Exposure
Administrators should determine whether their systems meet the conditions required for exploitation.
Check for SAML IdP configuration strings:
add authentication samlIdPProfile .*Check for Gateway or AAA configuration strings:
add vpn vserver .*add authentication vserver .*Systems not using these configurations are not exposed to the respective vulnerabilities.
3. General Security Best Practices
- Restrict access to NetScaler services where possible
- Monitor authentication and session activity for anomalies
- Review configurations to ensure only necessary services are exposed
Instantly Fix Risks with Saner Patch Management
Saner patch management is a continuous, automated, and integrated software that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.
