Citrix Urges Immediate Patching of Critical NetScaler Flaw Allowing Unauthenticated Data Leaks

Citrix has released critical security updates to address serious vulnerabilities in its NetScaler ADC and NetScaler Gateway products, warning organizations about the potential risk of sensitive data exposure.

The update includes fixes for two security flaws, one of which could allow attackers to access sensitive information without authentication, raising concerns across enterprise environments.

Critical Vulnerability Could Leak Sensitive Data

The most severe issue, tracked as CVE-2026-3055 with a CVSS score of 9.3, stems from improper input validation that results in a memory overread condition. This flaw can allow remote attackers to extract sensitive data directly from system memory without needing valid login credentials.

Security researchers have noted similarities between this flaw and previous high-impact vulnerabilities, making it particularly concerning for organizations relying on NetScaler appliances.

Exploitation Conditions and Risk Factors

For this vulnerability to be exploited, the affected NetScaler device must be configured as a SAML Identity Provider (SAML IdP). Systems using default configurations are not impacted.

Citrix recommends administrators review their configurations to identify potential exposure. Specifically, they should look for entries indicating SAML IdP setup within their configuration files.

Additional Vulnerability Impacts Session Integrity

The second issue, CVE-2026-4368 (CVSS score: 7.7), involves a race condition that can lead to user session mix-ups. This could result in unintended access between user sessions, potentially exposing sensitive information.

This vulnerability affects systems configured as:

  • Gateway services such as SSL VPN, ICA Proxy, CVPN, and RDP Proxy
  • Authentication, Authorization, and Accounting (AAA) servers

Administrators are advised to verify whether their systems fall into these categories to assess risk.

Affected Versions and Patch Availability

The vulnerabilities impact multiple versions of NetScaler ADC and NetScaler Gateway, including:

  • Versions prior to 14.1-66.59
  • Versions prior to 13.1-62.23
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262

Citrix has released patches addressing these issues, and users are strongly encouraged to update their systems immediately to minimize exposure.
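The configuration checks described above (SAML IdP entries for CVE-2026-3055, Gateway/AAA virtual servers for CVE-2026-4368) and the fixed-build list can be turned into a small triage script. The following is an added example, not Citrix's own tooling: it assumes the advisory's `branch-build` version format and that SAML IdP and Gateway/AAA setups appear in `ns.conf` as `add authentication samlIdPProfile` and `add vpn vserver` / `add authentication vserver` lines (command names are assumptions about NetScaler CLI syntax, not taken from this article).

```python
import re

# Fixed builds named in the advisory: branch (plus FIPS/NDcPP flavour) -> first patched build.
FIXED_BUILDS = {"14.1": "66.59", "13.1": "62.23",
                "13.1-FIPS": "37.262", "13.1-NDcPP": "37.262"}

# ns.conf patterns are assumptions about NetScaler CLI syntax, not stated in the advisory.
SAML_IDP_RE = re.compile(r"^add authentication samlIdPProfile\b", re.M)   # CVE-2026-3055 precondition
GATEWAY_RE = re.compile(r"^add (vpn|authentication) vserver\b", re.M)    # CVE-2026-4368 precondition

def parse_build(build: str):
    """Turn '14.1-62.23' into ('14.1', (62, 23)) so builds compare numerically."""
    branch, _, release = build.partition("-")
    major, minor = release.split(".")
    return branch, (int(major), int(minor))

def build_is_vulnerable(build: str, flavour: str = "") -> bool:
    """True when the running build is below the fixed build for its branch/flavour."""
    branch, rel = parse_build(build)
    key = f"{branch}-{flavour}" if flavour else branch
    fixed = FIXED_BUILDS.get(key)
    if fixed is None:
        raise ValueError(f"no fixed build known for branch {key}")
    return rel < tuple(int(x) for x in fixed.split("."))

def assess(ns_conf: str, build: str, flavour: str = "") -> dict:
    """Report which advisory applies: unpatched build AND the matching feature configured."""
    unpatched = build_is_vulnerable(build, flavour)
    return {
        "unpatched": unpatched,
        "CVE-2026-3055": unpatched and bool(SAML_IDP_RE.search(ns_conf)),
        "CVE-2026-4368": unpatched and bool(GATEWAY_RE.search(ns_conf)),
    }

# Constructed ns.conf fragment for demonstration; not captured from a real appliance.
SAMPLE_CONF = """\
add vpn vserver gw_vs SSL 10.0.0.5 443
add authentication samlIdPProfile idp_prof -samlIdPCertName cert1
add authentication samlIdPPolicy idp_pol -rule true -action idp_prof
"""

if __name__ == "__main__":
    print(assess(SAMPLE_CONF, "14.1-62.0"))   # both CVEs apply on this unpatched build
```

A build on or above the fixed build reports False for both CVEs regardless of configuration; an unpatched build with neither feature configured reports "unpatched" but no applicable CVE.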

History of NetScaler Exploits Raises Urgency

Although there is currently no confirmed evidence of active exploitation, NetScaler devices have a history of being targeted by attackers. Previous vulnerabilities, including widely exploited flaws like Citrix Bleed, have been used as entry points into enterprise networks.

Security experts warn that similar vulnerabilities are often rapidly weaponized once publicly disclosed, making timely patching essential.
