Cloud Software Group has released an important security alert addressing two significant vulnerabilities in customer-managed NetScaler ADC and NetScaler Gateway appliances. These vulnerabilities, identified as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to access sensitive information or cause user sessions to be mixed up.
Details of the Citrix Vulnerabilities
The security announcement highlights two separate vulnerabilities impacting various configurations of the NetScaler equipment. The more critical of these, CVE-2026-3055, is an out-of-bounds read flaw resulting from inadequate input validation. With a critical severity score of 9.3, this vulnerability could permit attackers to read memory beyond the intended buffer limits, potentially exposing critical data, such as credentials or session tokens.
However, this vulnerability only affects appliances configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP). Administrators can determine whether an appliance is affected by checking its NetScaler configuration for the string add authentication samlIdPProfile .*
Impact and Recommendations
The second issue, CVE-2026-4368, involves a race condition that can lead to user session mix-ups. Such mix-ups may unintentionally share an active session from one user to another, risking exposure of sensitive information. This occurs when the appliance functions as a Gateway or an Authentication, Authorization, and Auditing (AAA) virtual server.
Deployments with configuration files containing add authentication vserver .* or add vpn vserver .* are susceptible. These vulnerabilities exclusively affect customer-managed NetScaler ADC and Gateway systems, while Citrix-managed cloud services and Citrix-managed Adaptive Authentication remain unaffected due to preemptive infrastructure updates.
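As an added example, not taken from the advisory or from Citrix, the following Python script applies the configuration checks described above (the samlIdPProfile check for CVE-2026-3055 and the authentication vserver / vpn vserver checks for CVE-2026-4368) to a saved NetScaler configuration dump and reports which advisories apply. The sample configuration lines, object names and addresses are constructed for illustration.

```python
import re

# Configuration patterns the advisory ties to each CVE. A line matching any
# pattern for a CVE means the appliance meets that CVE's precondition.
CHECKS = {
    "CVE-2026-3055": [re.compile(r"^add authentication samlIdPProfile\b")],
    "CVE-2026-4368": [
        re.compile(r"^add authentication vserver\b"),
        re.compile(r"^add vpn vserver\b"),
    ],
}


def assess_config(config_text: str) -> dict:
    """Return {cve: [matching config lines]} for a NetScaler config dump.

    Only CVEs with at least one matching line are included, so an empty
    dict means neither precondition is present in the supplied config.
    """
    findings = {cve: [] for cve in CHECKS}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        for cve, patterns in CHECKS.items():
            if any(p.search(line) for p in patterns):
                findings[cve].append(line)
    return {cve: lines for cve, lines in findings.items() if lines}


# Constructed sample config (hypothetical names and RFC 5737 test addresses)
SAMPLE_CONFIG = """\
set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication samlIdPProfile saml_idp_corp -samlIdPCertName idp_cert
add authentication vserver aaa_vs SSL 192.0.2.20 443
add vpn vserver gw_vs SSL 192.0.2.30 443
add lb vserver web_vs HTTP 192.0.2.40 80
"""

if __name__ == "__main__":
    for cve, lines in assess_config(SAMPLE_CONFIG).items():
        print(f"{cve}: precondition present")
        for line in lines:
            print(f"  {line}")
```

Run it against the output of the appliance's running configuration to get a per-CVE list of the objects that make the appliance eligible for each issue; a load-balancing vserver on its own triggers neither check.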
Urgency of Immediate Patching
Security teams are strongly advised to apply the latest security patches to safeguard network infrastructure. Cloud Software Group uncovered these flaws during internal security assessments, and there is no current evidence of active exploitation. Nonetheless, the critical nature of the out-of-bounds read vulnerability calls for prompt patching and continuous session monitoring.
Ensuring that affected appliances are updated to the latest supported firmware versions is crucial for maintaining network security.