Citrix NetScaler ADC/Gateway Vulnerabilities
Summary
The UK NCSC has issued an alert regarding two critical vulnerabilities (CVE-2026-3055 and CVE-2026-4368) affecting Citrix NetScaler ADC and Gateway products used by UK organizations. Immediate action is recommended to install updated versions and mitigate potential security risks.
What changed
The UK National Cyber Security Centre (NCSC) has issued an alert concerning two recently disclosed vulnerabilities, CVE-2026-3055 and CVE-2026-4368, affecting Citrix NetScaler ADC and NetScaler Gateway products. CVE-2026-3055 is an insufficient input validation vulnerability leading to memory overread when configured as a SAML IDP, while CVE-2026-4368 is a race condition in gateway configurations that could lead to user session mixup. These vulnerabilities impact specific versions of NetScaler ADC and Gateway products deployed on-premises by UK organizations.
Organisations using the affected Citrix products are strongly advised to take immediate action by installing the updated versions recommended by Citrix as soon as possible. The NCSC also provides guidance on how to check specific configurations to determine if appliances are vulnerable. Affected users should monitor the Citrix security bulletin for further updates. Failure to patch these vulnerabilities could expose organizations to significant security risks, including unauthorized access and data breaches.
What to do next
- Install updated versions of NetScaler ADC and Gateway as recommended by Citrix.
- Verify appliance configurations for SAML IDP, Gateway, or AAA virtual server roles.
- Monitor Citrix security bulletin for further updates and guidance.
Source document (simplified)
Vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway
UK organisations encouraged to take immediate action to mitigate two recently disclosed vulnerabilities, CVE-2026-3055 and CVE-2026-4368, that affect Citrix NetScaler ADC and Citrix NetScaler Gateway.
What has happened?
Citrix has published a security bulletin detailing two vulnerabilities discovered in its NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products:
- CVE-2026-3055: Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
- CVE-2026-4368: Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
Who is affected?
Organisations using the following Citrix products on premises are affected:
CVE-2026-3055:
- NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-66.59
- NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23
- NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262
Specific pre-conditions for this vulnerability: The appliance must be configured as a SAML identity provider (IdP).
CVE-2026-4368:
- NetScaler ADC and NetScaler Gateway 14.1-66.54
Specific pre-conditions for this vulnerability: The appliance must be configured either as a gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server.
The vendor has advised that only customer-managed instances require remedial action to be taken.
What should I do?
The NCSC recommends following vendor best practice advice to mitigate vulnerabilities. In this case, Citrix has released the following updated versions that should be installed as soon as possible:
- NetScaler ADC and NetScaler Gateway 14.1-66.59 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 and later releases of 13.1-FIPS and 13.1-NDcPP
The vendor has also released the following specific checks that organisations can perform to determine whether their appliances are configured in such a way that they would be vulnerable:
CVE-2026-3055
Customers can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string:
add authentication samlIdPProfile .*
CVE-2026-4368
Customers can determine if they have an appliance configured as one of the following by inspecting their NetScaler Configuration for the specified strings:
An Auth Server (AAA Vserver):
add authentication vserver .*
A Gateway (VPN Vserver, ICA Proxy, CVPN, RDP Proxy):
add vpn vserver .*
Affected users should continue to monitor the Citrix security bulletin for any further updates.
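The configuration checks and version ranges above can be combined into a single offline triage script run against a saved copy of the appliance configuration. The following is an added example, not Citrix or NCSC tooling; the sample configuration lines are constructed, and the "TRAIN-MAJOR.MINOR" version string format (e.g. "14.1-66.54", "13.1-FIPS-37.262") is an assumption taken from the way builds are written in the advisory.

```python
import re

# Constructed sample of a saved NetScaler configuration (ns.conf-style lines).
# Illustrative input only, not taken from a real appliance.
SAMPLE_NS_CONF = """\
add ns ip 10.0.0.10 255.255.255.0 -type SNIP
add authentication vserver aaa_vs SSL 10.0.0.20 443
add vpn vserver gw_vs SSL 10.0.0.21 443
add authentication samlIdPProfile corp_idp -samlIdPCertName idp_cert
"""

# The configuration strings quoted in the Citrix checks, anchored to line start.
CONFIG_CHECKS = {
    "saml_idp": re.compile(r"^add authentication samlIdPProfile .*", re.M),
    "aaa_vserver": re.compile(r"^add authentication vserver .*", re.M),
    "gateway": re.compile(r"^add vpn vserver .*", re.M),
}

# First fixed build per release train for CVE-2026-3055 ("BEFORE" in the advisory).
FIXED_BUILDS_3055 = {"14.1": (66, 59), "13.1": (62, 23),
                     "13.1-FIPS": (37, 262), "13.1-NDcPP": (37, 262)}
# CVE-2026-4368: the advisory lists exactly one affected build.
AFFECTED_BUILDS_4368 = {("14.1", (66, 54))}


def parse_version(version):
    """Split an assumed 'TRAIN-MAJOR.MINOR' string into (train, (major, minor))."""
    m = re.fullmatch(r"(\d+\.\d+(?:-FIPS|-NDcPP)?)-(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def config_roles(ns_conf):
    """Return the set of vulnerable-precondition roles present in the config."""
    return {name for name, rx in CONFIG_CHECKS.items() if rx.search(ns_conf)}


def assess(version, ns_conf):
    """Apply both the build check and the configuration precondition for each CVE.
    A release train not listed in the advisory is reported as not affected here;
    treat that as 'not assessed', not as a clean bill of health."""
    train, build = parse_version(version)
    roles = config_roles(ns_conf)
    fixed = FIXED_BUILDS_3055.get(train)
    findings = {
        "CVE-2026-3055": fixed is not None and build < fixed and "saml_idp" in roles,
        "CVE-2026-4368": (train, build) in AFFECTED_BUILDS_4368
                         and bool(roles & {"gateway", "aaa_vserver"}),
    }
    return roles, findings
```

Run `assess("14.1-66.54", open("ns.conf").read())` against an exported configuration; a True finding means both the build and the configuration precondition for that CVE are met and the upgrade should be prioritised.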
Further NCSC resources
The NCSC provides a range of free guidance, services and tools that help to secure systems.
- Follow NCSC guidance including vulnerability management and preventing lateral movement.
- UK organisations can sign up to the free NCSC Early Warning service to receive notifications of potential threats on your network.
- The NCSC Vulnerability Disclosure Toolkit helps organisations of all sizes with the essential components of implementing a vulnerability disclosure process.
Published
25 March 2026
Written for
Cyber security professionals Large organisations
News type
Alert