Citrix has issued essential security patches to resolve two significant vulnerabilities in its NetScaler ADC and NetScaler Gateway products. The primary concern is a critical flaw that may permit unauthorized leaks of sensitive data, posing a substantial risk to enterprise environments.
Details of the Vulnerabilities
The two vulnerabilities are CVE-2026-3055 (CVSS 9.3), an insufficient-input-validation flaw that leads to a memory over-read, and CVE-2026-4368 (CVSS 7.7), a race condition that can cause one user's session to be mixed up with another's.
Rapid7, a cybersecurity firm, describes CVE-2026-3055 as an out-of-bounds read: an unauthenticated remote attacker could use it to extract sensitive information from the memory of an affected appliance. Exploitation requires the appliance to be configured as a SAML Identity Provider (SAML IdP), so default configurations are not exposed.
Configuration Requirements for Exploitation
For CVE-2026-4368 to be exploited, the appliance must be configured as a gateway (SSL VPN, ICA Proxy, CVPN or RDP Proxy) or as an Authentication, Authorization, and Accounting (AAA) virtual server. Administrators can confirm whether either applies by reviewing the NetScaler configuration for AAA virtual server and gateway configuration entries.
These vulnerabilities affect NetScaler ADC and NetScaler Gateway versions prior to 14.1-66.59 and 13.1-62.23, as well as 13.1-FIPS and 13.1-NDcPP versions prior to 13.1-37.262. Citrix advises customers to install the patched builds immediately.
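The two checks the article describes, whether the running build is older than the fixed release for its branch and whether the configuration puts the appliance in a SAML IdP, gateway or AAA role, can be combined into a single triage script for an appliance inventory. The following is an added example written for this article; it is not Citrix's or Rapid7's code. The fixed build numbers and the role-to-CVE mapping come from the text above. The ns.conf command prefixes used to detect each role ("add authentication samlIdPProfile", "add vpn vserver", "add authentication vserver") are an assumption about the standard NetScaler command names and should be confirmed against Citrix's own advisory; the sample configuration is constructed for illustration.

```python
import re

# Fixed builds named in the advisory summary above (branch -> first patched build).
FIXED_BUILDS = {
    "14.1": "14.1-66.59",
    "13.1": "13.1-62.23",
    "13.1-FIPS": "13.1-37.262",
    "13.1-NDcPP": "13.1-37.262",
}

# ns.conf command prefixes that mark each role. ASSUMPTION: these are the
# standard NetScaler command names; the article only says to look for SAML IdP,
# gateway and AAA virtual server configuration.
ROLE_MARKERS = {
    "saml_idp": ("add authentication samlIdPProfile",),
    "gateway": ("add vpn vserver",),
    "aaa": ("add authentication vserver",),
}

# Which configured role brings each CVE into scope, per the article.
CVE_BY_ROLE = {
    "CVE-2026-3055": {"saml_idp"},
    "CVE-2026-4368": {"gateway", "aaa"},
}

_BUILD_RE = re.compile(r"^(\d+)\.(\d+)-(\d+)\.(\d+)$")


def parse_build(version):
    """Turn a build string such as '14.1-66.59' into a comparable int tuple."""
    m = _BUILD_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler build string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_build(branch, version):
    """True if the build predates the fixed release for its branch.

    The branch must be given explicitly: FIPS and NDcPP builds share the 13.1
    prefix but have their own fixed build, so the number alone is ambiguous.
    """
    if branch not in FIXED_BUILDS:
        raise ValueError(f"unknown branch {branch!r}; known: {sorted(FIXED_BUILDS)}")
    return parse_build(version) < parse_build(FIXED_BUILDS[branch])


def detect_roles(ns_conf_text):
    """Return the set of roles (saml_idp, gateway, aaa) present in an ns.conf dump."""
    roles = set()
    for raw in ns_conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for role, prefixes in ROLE_MARKERS.items():
            if any(line.startswith(p) for p in prefixes):
                roles.add(role)
    return roles


def exposure(branch, version, ns_conf_text):
    """Return the CVE ids that apply to this appliance given its build and config.

    A patched build is not exposed regardless of configuration; an unpatched
    build is exposed only to the CVEs whose required role is configured.
    """
    if not is_vulnerable_build(branch, version):
        return set()
    roles = detect_roles(ns_conf_text)
    return {cve for cve, needed in CVE_BY_ROLE.items() if roles & needed}


# Constructed sample configuration (not from any real appliance).
SAMPLE_NS_CONF = """\
# constructed ns.conf excerpt for illustration
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add lb vserver web_vs HTTP 192.0.2.12 80
add vpn vserver gw_vs SSL 192.0.2.11 443
add authentication samlIdPProfile idp_prof -samlIdPCertName idp_cert
"""

if __name__ == "__main__":
    for branch, build in [("14.1", "14.1-56.10"), ("14.1", "14.1-66.59"), ("13.1-FIPS", "13.1-37.250")]:
        hits = exposure(branch, build, SAMPLE_NS_CONF)
        print(f"{branch} {build}: {'exposed to ' + ', '.join(sorted(hits)) if hits else 'not exposed'}")
```

Feeding the script a real `show ns runningConfig` dump and the build from `show ns version` gives a per-appliance answer; an unpatched build that is neither an IdP nor a gateway/AAA server reports no exposure, which matches the article's point that default configurations are out of scope, but it should still be patched.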
Urgency and Historical Context
While there are no current reports of these vulnerabilities being exploited in the wild, similar past vulnerabilities, such as Citrix Bleed (CVE-2023-4966) and subsequent related issues, have been targets for cyber threat actors. This history underscores the critical need for rapid patching to prevent potential exploitation.
Benjamin Harris, CEO of watchTowr, highlighted the urgency, stating that the vulnerabilities are reminiscent of previous critical flaws that posed significant threats to enterprise security. He emphasized the importance of immediate action to mitigate risks.
Overall, Citrix’s proactive release of these updates aims to secure NetScaler devices against possible exploitations, reaffirming the necessity for enterprises to maintain up-to-date security measures.
