Citrix has patched two serious vulnerabilities in NetScaler ADC and NetScaler Gateway appliances: CVE-2026-3055, an out-of-bounds memory read (overread) affecting appliances configured as a SAML identity provider (IdP), in the same class as the earlier CitrixBleed flaws, and CVE-2026-4368, a race condition that can cause one user's session to be mixed up with another's. Customers are urged to apply the fixed builds for affected versions immediately: thousands of NetScaler instances are exposed online, and attackers may quickly reverse-engineer the patches. #Citrix #NetScalerADC #NetScalerGateway #CVE20263055 #CitrixBleed
Key points
- CVE-2026-3055 allows remote memory overread on NetScaler ADC/Gateway configured as a SAML IDP, risking theft of session tokens.
- CVE-2026-4368 is a low-privilege race-condition vulnerability affecting Gateway (SSL VPN, ICA Proxy, CVPN, RDP proxy) and AAA virtual servers, which can lead to user session mix-ups.
- Patches are available for versions 13.1 and 14.1 (fixed in 13.1-62.23 and 14.1-66.59; 13.1-FIPS/13.1-NDcPP addressed in 13.1-37.262).
- Shadowserver is tracking over 30,000 NetScaler ADC and more than 2,300 Gateway instances exposed online, though the number of unpatched systems is unknown.
- Security vendors warn that urgent remediation is critical: the similarity of CVE-2026-3055 to CitrixBleed and CitrixBleed2 raises the risk of rapid exploit development.
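The practical check that follows from the fixed-build list above is comparing each appliance's running build against the threshold for its release line. The script below is an added example, not code from Citrix or from the original article. It assumes the input is the text printed by the NetScaler CLI command `show ns version` (of the form `NetScaler NS14.1: Build 66.59.nc, Date: ...`), and it assumes that the 13.1-FIPS/13.1-NDcPP line is the one whose 13.1 builds are numbered 37.x, so a 13.1 build with major 37 is compared against 37.262 and every other 13.1 build against 62.23; release lines the summary does not mention (for example 13.0) get no verdict rather than a guessed one. The sample version strings at the bottom are constructed for the demonstration.

```python
"""Compare NetScaler build strings against the fixed builds named in the advisory summary."""
import re
from typing import List, Optional, Tuple

# Fixed builds as stated in the summary: release line -> (build_major, build_minor).
# Assumption (not stated on the page): the 13.1-FIPS/13.1-NDcPP line is the
# 13.1 line whose build numbers are 37.x, so those builds are compared against
# 37.262 and all other 13.1 builds against 62.23.
FIXED_BUILDS = {
    "13.1": (62, 23),
    "13.1-FIPS": (37, 262),
    "14.1": (66, 59),
}

# Assumed output shape of the NetScaler CLI command "show ns version":
#   NetScaler NS14.1: Build 66.59.nc, Date: Jan 1 2026, 10:00:00
VERSION_RE = re.compile(
    r"NetScaler NS(?P<line>\d+\.\d+): Build (?P<major>\d+)\.(?P<minor>\d+)"
)


def parse_version(text: str) -> Optional[Tuple[str, int, int]]:
    """Return (release_line, build_major, build_minor) or None if the text does not match."""
    m = VERSION_RE.search(text)
    if m is None:
        return None
    return m.group("line"), int(m.group("major")), int(m.group("minor"))


def fixed_build_for(line: str, major: int) -> Optional[Tuple[str, Tuple[int, int]]]:
    """Pick the threshold that applies to this release line and build major.

    A mainline 13.1 build numbered 37.x (such builds exist historically) is older
    than both 37.262 and 62.23, so routing it to the FIPS threshold still yields
    the correct 'unpatched' verdict.
    """
    if line == "13.1" and major == 37:
        return "13.1-FIPS", FIXED_BUILDS["13.1-FIPS"]
    if line in FIXED_BUILDS:
        return line, FIXED_BUILDS[line]
    return None


def is_patched(text: str) -> Optional[bool]:
    """True if the build is at or above the fixed build for its line, False if below,
    None if the text is unparseable or the release line is not covered by the summary."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    line, major, minor = parsed
    target = fixed_build_for(line, major)
    if target is None:
        return None
    _, (fixed_major, fixed_minor) = target
    # Tuple comparison: build major first, then minor.
    return (major, minor) >= (fixed_major, fixed_minor)


def report(version_strings: List[str]) -> List[Tuple[str, str]]:
    """Map each version string to a human-readable verdict."""
    verdicts = []
    for text in version_strings:
        result = is_patched(text)
        if result is None:
            verdict = "UNKNOWN (unparseable or release line not listed in the summary)"
        elif result:
            verdict = "patched (at or above the fixed build)"
        else:
            verdict = "VULNERABLE (below the fixed build, upgrade now)"
        verdicts.append((text, verdict))
    return verdicts


if __name__ == "__main__":
    # Constructed sample inputs; these are not real appliance captures.
    SAMPLES = [
        "NetScaler NS14.1: Build 66.59.nc, Date: Jan 1 2026, 10:00:00",
        "NetScaler NS14.1: Build 59.27.nc, Date: Jun 1 2025, 10:00:00",
        "NetScaler NS13.1: Build 62.23.nc, Date: Jan 1 2026, 10:00:00",
        "NetScaler NS13.1: Build 59.19.nc, Date: Jun 1 2025, 10:00:00",
        "NetScaler NS13.1: Build 37.262.nc, Date: Jan 1 2026, 10:00:00",
        "NetScaler NS13.1: Build 37.250.nc, Date: Jun 1 2025, 10:00:00",
        "NetScaler NS13.0: Build 92.21.nc, Date: Jan 1 2024, 10:00:00",
    ]
    for text, verdict in report(SAMPLES):
        print(f"{text.split(',')[0]:<40} -> {verdict}")
```

Feed it the captured `show ns version` line from each appliance (for example, collected over SSH during an inventory sweep) and treat any UNKNOWN verdict as a prompt to check the vendor advisory directly rather than as a pass; the script only encodes the three thresholds the summary names.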