Urgent Security Patches for NetScaler Vulnerabilities

Posted on March 23, 2026 By CWS

Cloud Software Group has issued essential security patches for NetScaler ADC and Gateway, addressing two major vulnerabilities that allow remote attackers to potentially compromise affected systems without authentication.

Organizations utilizing customer-managed deployments are strongly advised to implement these updates immediately to safeguard their systems.

Critical Vulnerability: CVE-2026-3055

The most severe of the identified vulnerabilities, CVE-2026-3055, has been assigned a CVSS v4.0 base score of 9.3, indicating its critical nature. This flaw is due to inadequate input validation resulting in a memory overread condition.

This vulnerability requires no authentication or user interaction, but the appliance must be configured as a SAML Identity Provider (IDP). Cloud Software Group discovered this issue internally, and no active exploitation was reported at disclosure time.

Because of its critical severity, this patch is a high priority for administrators. They can verify exposure by examining their NetScaler configuration for a line matching the pattern "add authentication samlIdPProfile .*".

High-Risk Vulnerability: CVE-2026-4368

The second vulnerability, CVE-2026-4368, is rated 7.7 on the CVSS v4.0 scale and involves a race condition leading to potential user session mixup. This affects appliances configured as a Gateway or as an AAA virtual server.

Exploitation requires low-privilege authentication and a specific timing condition. A successful attack can compromise the confidentiality and integrity of user sessions, which poses significant risks in enterprise VPN environments.

Exposure can be determined by checking the configuration for lines matching "add authentication vserver .*" or "add vpn vserver .*". Appliances that match should receive the patch promptly.

Patch Recommendations and Affected Versions

The vulnerabilities affect NetScaler ADC and Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, including FIPS/NDcPP before 13.1-37.262. Cloud Software Group advises upgrading NetScaler ADC and Gateway to 14.1-66.59 or later, or to 13.1-62.23 or later.

This advisory pertains solely to customer-managed deployments, as Citrix-managed cloud services have already been updated by Cloud Software Group.

Given the widespread use of NetScaler ADC and Gateway in enterprise environments, unpatched systems remain a significant security risk. Security teams should prioritize updates, particularly for SAML IDP-configured appliances, due to the critical nature of CVE-2026-3055.
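The exposure checks and version thresholds above can be combined into one triage script. This is an added example, not vendor or original-article code; the function names, the `fips` flag, the version notation taken from the article (for example "14.1-60.52") and the sample configuration are all assumptions made for illustration.

```python
import re

# Fixed builds as stated in the article: (release, is_fips) -> (major, minor)
FIXED = {("14.1", False): (66, 59), ("13.1", False): (62, 23),
         ("13.1", True): (37, 262)}

# Configuration patterns the article gives for each CVE's precondition.
PRECONDITIONS = {
    "CVE-2026-3055": [r"add authentication samlIdPProfile .*"],
    "CVE-2026-4368": [r"add authentication vserver .*", r"add vpn vserver .*"],
}

def is_affected_build(version, fips=False):
    """True/False for a known release line, None if the article does not cover it."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    fixed = FIXED.get((m.group(1), fips))
    if fixed is None:
        return None
    return (int(m.group(2)), int(m.group(3))) < fixed

def matching_preconditions(config_text):
    """Map each CVE to the configuration lines that satisfy its precondition."""
    hits = {}
    for cve, patterns in PRECONDITIONS.items():
        lines = [ln.strip() for ln in config_text.splitlines()
                 if any(re.match(p, ln.strip(), re.IGNORECASE) for p in patterns)]
        if lines:
            hits[cve] = lines
    return hits

def assess(version, config_text, fips=False):
    """Return {cve: 'exposed' | 'patched' | 'unknown-release'} for matched CVEs."""
    affected = is_affected_build(version, fips)
    status = {True: "exposed", False: "patched", None: "unknown-release"}[affected]
    return {cve: status for cve in matching_preconditions(config_text)}

# Constructed sample configuration (names and addresses are placeholders).
SAMPLE_CONFIG = """\
add lb vserver example_lb HTTP 192.0.2.20 80
add authentication samlIdPProfile example_idp_profile
add vpn vserver example_gw SSL 192.0.2.10 443
"""

if __name__ == "__main__":
    for cve, state in assess("14.1-60.52", SAMPLE_CONFIG).items():
        print(cve, state)
```

A result of "unknown-release" means the release line is not one the article lists and needs manual review against the vendor bulletin.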
