- 65/2026
- Critical
Citrix has released a security update to address vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway.
The addressed vulnerabilities could allow the attacker to obtain sensitive memory contents, including authentication tokens, cryptographic keys, or user credentials, or gain unauthorized access to the affected systems, leading to a user session mixup where one user’s session data may be incorrectly associated with another user.
The addressed vulnerabilities:
1. Insufficient Input Validation in NetScaler ADC and NetScaler Gateway Vulnerability (CVE-2026-3055):
- CVSS 4.0: 9.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Race Condition in NetScaler ADC and NetScaler Gateway Vulnerability (CVE- 2026-4368):
- CVSS 4.0: 7.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
- CVE-2026-3055
- CVE-2026-4368
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.