Vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway
Summary
The NCSC is urging UK organisations to act immediately to mitigate two recently disclosed Citrix vulnerabilities: CVE-2026-3055 and CVE-2026-4368. Both affect on‑premises NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway appliances when configured in certain roles (SAML IdP, Gateway/AAA). Citrix has published fixes and guidance; customer‑managed instances should be updated without delay.
Key Points
- CVE-2026-3055: insufficient input validation in NetScaler when configured as a SAML identity provider (IdP), which can lead to a memory overread.
- CVE-2026-4368: race condition when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server, potentially causing a user session mix‑up.
- Affected versions include NetScaler ADC/Gateway 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23; specific FIPS/NDcPP builds also noted.
- Citrix has released patched versions: 14.1-66.59+, 13.1-62.23+ and corresponding FIPS/NDcPP updates — install these as soon as possible.
- Vendor checks: inspect the NetScaler configuration for the following strings, which indicate that an appliance is running one of the vulnerable roles: “add authentication samlIdPProfile .*”, “add authentication vserver .*”, “add vpn vserver .*”.
- NCSC recommends following Citrix bulletin CTX696300 and monitoring for any further updates or indicators of compromise.
What to do
1) Identify whether you run affected on‑premises NetScaler appliances and whether they are configured as SAML IdP, Gateway (VPN/ICA/CVPN/RDP Proxy) or AAA vserver.
2) If so, apply the Citrix updates immediately: 14.1-66.59 (or later), 13.1-62.23 (or later), and the updated 13.1‑FIPS/NDcPP builds listed by Citrix.
3) Use the configuration checks provided by Citrix to confirm whether a given appliance meets the vulnerable pre‑conditions.
4) Continue monitoring the Citrix security bulletin and NCSC advisories for further guidance and indicators.
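A small POSIX shell check, added here as an example (not Citrix's or the NCSC's code), that applies the three role patterns from the bulletin to a saved configuration and compares a build string against the fixed 14.1 and 13.1 versions given above. The config lines are constructed, and the separate 13.1‑FIPS/NDcPP fixed builds are not modelled, so consult Citrix's list for those appliances.

```shell
#!/bin/sh
# Added example: test a saved NetScaler config for the CTX696300 role
# pre-conditions and compare a build string with the fixed versions.

# Role pre-conditions from the bulletin, as regexes over config lines.
SAML_IDP_RE='^add authentication samlIdPProfile '
AAA_VS_RE='^add authentication vserver '
VPN_VS_RE='^add vpn vserver '

# Returns 0 if any line of the config file matches the regex.
has_role() { grep -Eq "$1" "$2"; }

# Print one line per vulnerable role found in the config, or "none".
check_roles() {
    cfg="$1"; found=0
    has_role "$SAML_IDP_RE" "$cfg" && { echo "CVE-2026-3055: SAML IdP profile configured"; found=1; }
    has_role "$AAA_VS_RE" "$cfg"  && { echo "CVE-2026-4368: AAA vserver configured"; found=1; }
    has_role "$VPN_VS_RE" "$cfg"  && { echo "CVE-2026-4368: Gateway (vpn vserver) configured"; found=1; }
    [ "$found" -eq 1 ] || echo "none"
}

# Compare a build written as MAJOR.MINOR-BUILD.REV (e.g. 14.1-66.59) with the
# fixed build for its branch. Prints "patched", "vulnerable" or "unknown-branch".
# FIPS/NDcPP builds use different numbering and are not handled here.
patch_status() {
    ver="$1"; branch="${ver%%-*}"; build="${ver#*-}"
    case "$branch" in
        14.1) fixed="66.59" ;;
        13.1) fixed="62.23" ;;
        *) echo "unknown-branch"; return ;;
    esac
    bmaj="${build%%.*}"; bmin="${build#*.}"
    fmaj="${fixed%%.*}"; fmin="${fixed#*.}"
    if [ "$bmaj" -gt "$fmaj" ] || { [ "$bmaj" -eq "$fmaj" ] && [ "$bmin" -ge "$fmin" ]; }; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Constructed sample config: an AAA vserver and a Gateway, no SAML IdP profile.
SAMPLE_CFG="$(mktemp)"
cat > "$SAMPLE_CFG" <<'EOF'
add authentication vserver aaa_vs SSL 192.0.2.10 443
add vpn vserver gw_vs SSL 192.0.2.11 443
add lb vserver web_lb HTTP 192.0.2.12 80
EOF

check_roles "$SAMPLE_CFG"
patch_status "14.1-59.13"
```

On a real appliance, point `check_roles` at a copy of the running configuration and feed `patch_status` the build shown by the appliance, then confirm against the Citrix bulletin for any FIPS/NDcPP build.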
Context and relevance
NetScaler appliances are widely used to provide remote access, SSL VPN and authentication services. Vulnerabilities that allow memory issues or session mix‑ups can lead to information disclosure, authentication bypasses or user session confusion — all of which increase risk to organisations that rely on these devices for secure remote access. This advisory is particularly relevant to large organisations and cyber security professionals responsible for perimeter and remote access infrastructure.
Why should I read this?
Short version: if you run Citrix NetScaler on‑prem, this is one you need to stop ignoring. The fixes are out, the checks are simple, and leaving it unpatched risks remote access and authentication headaches. We read it so you don’t have to — but do the updates now.
Source
Source: https://www.ncsc.gov.uk/news/vulnerabilities-affecting-citrix-netscaler-adc-gateway