Cyber Web Spider Blog – News

Urgent Security Patches for NetScaler Vulnerabilities

Posted on March 23, 2026 By CWS

Cloud Software Group has issued essential security patches for NetScaler ADC and Gateway, addressing two major vulnerabilities that allow remote attackers to potentially compromise affected systems without authentication.

Organizations utilizing customer-managed deployments are strongly advised to implement these updates immediately to safeguard their systems.

Critical Vulnerability: CVE-2026-3055

The most severe of the identified vulnerabilities, CVE-2026-3055, has been assigned a CVSS v4.0 base score of 9.3, indicating its critical nature. This flaw is due to inadequate input validation resulting in a memory overread condition.

This vulnerability requires no authentication or user interaction, but the appliance must be configured as a SAML Identity Provider (IDP). Cloud Software Group discovered this issue internally, and no active exploitation was reported at disclosure time.

Because of its critical severity, this patch is a high priority for administrators. They can verify exposure by searching their NetScaler configuration for the string "add authentication samlIdPProfile .*".

High-Risk Vulnerability: CVE-2026-4368

The second vulnerability, CVE-2026-4368, is rated 7.7 on the CVSS v4.0 scale and involves a race condition leading to potential user session mixup. This affects appliances configured as a Gateway or as an AAA virtual server.

Exploitation requires low-privilege authentication and a specific timing condition. A successful attack can compromise the confidentiality and integrity of user sessions, which poses significant risks in enterprise VPN environments.

Administrators can determine exposure by checking their configuration for "add authentication vserver .*" or "add vpn vserver .*". Appliances that match need prompt patch deployment.

Patch Recommendations and Affected Versions

The vulnerabilities affect NetScaler ADC and Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, including FIPS/NDcPP before 13.1-37.262. Cloud Software Group advises upgrading to NetScaler ADC and Gateway 14.1-66.59 or later, and 13.1-62.23 or later versions.
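
The exposure strings and fixed builds above can be combined into one triage check per appliance. The following is an added example, not code from Cloud Software Group or from this article; the function names, the case-insensitive matching and the sample configuration are assumptions made for illustration, and the operator is assumed to know whether the build is a FIPS/NDcPP one.

```python
import re

# First fixed build per (release, is_fips), taken from the versions in the article.
FIXED = {("14.1", False): (66, 59), ("13.1", False): (62, 23), ("13.1", True): (37, 262)}

# Configuration lines the article names as exposure indicators for each CVE.
INDICATORS = {
    "CVE-2026-3055": [r"add authentication samlIdPProfile\s+\S"],
    "CVE-2026-4368": [r"add authentication vserver\s+\S", r"add vpn vserver\s+\S"],
}

# Constructed sample configuration (not from a real appliance; arguments abbreviated).
SAMPLE_CONFIG = """\
add ns ip 192.0.2.10 255.255.255.0
add authentication vserver aaa_vs SSL 0.0.0.0
add authentication samlIdPProfile idp_prof
add lb vserver web_lb HTTP 192.0.2.20 80
"""

def is_patched(version, fips=False):
    """True/False for a listed release, None when the release is not in FIXED."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"expected <release>-<build>, e.g. 14.1-66.59: {version!r}")
    fixed = FIXED.get((m.group(1), fips))
    return None if fixed is None else (int(m.group(2)), int(m.group(3))) >= fixed

def exposed_cves(config_text):
    """Map each CVE to the configuration lines that enable its affected feature."""
    hits = {}
    for cve, patterns in INDICATORS.items():
        lines = [ln.strip() for ln in config_text.splitlines()
                 if any(re.match(p, ln.strip(), re.IGNORECASE) for p in patterns)]
        if lines:
            hits[cve] = lines
    return hits

def assess(version, config_text, fips=False):
    """Per-CVE status: 'patched', 'exposed', 'not configured' or 'review'."""
    patched, hits = is_patched(version, fips), exposed_cves(config_text)
    status = {}
    for cve in INDICATORS:
        if patched:
            status[cve] = "patched"
        elif cve not in hits:
            status[cve] = "not configured"
        else:
            status[cve] = "exposed" if patched is False else "review"
    return status
```

A status of "review" means the affected feature is configured but the release is not one of those listed in the article, so the version comparison cannot be made from this page alone.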

This advisory pertains solely to customer-managed deployments, as Citrix-managed cloud services have already been updated by Cloud Software Group.

Given the widespread use of NetScaler ADC and Gateway in enterprise environments, unpatched systems remain a significant security risk. Security teams should prioritize updates, particularly for SAML IDP-configured appliances, due to the critical nature of CVE-2026-3055.
