Citrix Disclosed Vulnerabilities Affecting NetScaler ADC and NetScaler Gateway

Citrix disclosed a vulnerability tracked as CVE-2026-3055 in NetScaler ADC and NetScaler Gateway that can produce a memory overread whenever the application is configured as a SAML identity provider and that has a CVSS v4 severity score of 9.3.

Details of the Vulnerability

The flaw occurs in NetScaler ADC and NetScaler Gateway when configuring them as a SAML IdP, producing a memory overread through an input validation weakness. Cybersecurity researchers warned that the vulnerability could be exploited on a large scale comparable to the CitrixBleed vulnerability disclosed in 2023, which was exploited by ransomware groups. The vulnerability is tracked as CVE-2026-3055 and carries a CVSS v4 score of 9.3.

Affected Products

The vulnerability affects NetScaler products only when the application is set as a SAML identity provider. The following products are affected:

  • NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23
  • NetScaler ADC and NetScaler Gateway BEFORE 14.1-66.59

Vendor Response and Remediation

Citrix has issued updated application versions to address the vulnerability. Customers are instructed to prioritize applying the fix because NetScaler devices are frequently targeted by threat actors and the vulnerability is expected to be targeted once a proof-of-concept exploit is released. The advisory emphasizes that remediation should be treated as a high priority for customer-managed instances.

Additional NetScaler Vulnerability Disclosed The Same Week

Citrix also disclosed a separate race condition vulnerability tracked as CVE-2026-4368 that affects NetScaler ADC and NetScaler Gateway 14.1-66.54 if the application is set as either a gateway (ICA Proxy, RDP Proxy, SSL VPN, CVPN) or a AAA virtual server. That flaw is rated high severity with a CVSS base score of 7.7 and has been fixed in version 14.1-60.58. Action to mitigate the vulnerability is recommended for customer-managed instances.

Operational Considerations For Covered Entities and Business Associates

NetScaler products are described as constant targets for threat actors. Cybersecurity researchers cautioned that the newly disclosed input validation flaw and the race condition flaw increase the likelihood of exploitation against exposed appliances. The advisory links the potential for mass exploitation to the prior CitrixBleed incident in 2023, which involved ransomware actors. Organizations, including HIPAA-covered entities, that operate affected NetScaler builds should apply the Citrix updates provided for the listed versions and treat remediation as a priority for customer-managed deployments.

Image credit: Curioso.Photography, Adobestock / logo©NetScaler

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

John Blacksmith

John Blacksmith is a journalist with several years experience in both print and online publications. John has specialised in Information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism and many years experience.
Twitter
LinkedIn