Changeflow GovPing Data Privacy & Cybersecurity Citrix Products Vulnerabilities
Urgent Notice Added Final

Citrix Products Vulnerabilities

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 23rd, 2026
Detected March 23rd, 2026
Email

Summary

CERT-FR has issued an advisory regarding multiple vulnerabilities discovered in Citrix NetScaler ADC and Gateway products. These vulnerabilities could lead to data confidentiality breaches and security policy bypasses. Affected versions require immediate patching.

View original document View source feed page

What changed

CERT-FR, the French national cybersecurity agency, has issued an advisory (CERTFR-2026-AVI-0337) detailing multiple critical vulnerabilities in Citrix NetScaler ADC and NetScaler Gateway products. The vulnerabilities, identified by CVE-2026-3055 and CVE-2026-4368, can allow attackers to compromise data confidentiality and bypass security policies. Specific affected versions include NetScaler ADC 13.1-FIPS, 13.1-NDcPP, 13.1.x, and 14.0.x, as well as NetScaler Gateway 13.1.x and 14.0.x, prior to the application of specific patch versions.

Organizations utilizing the affected Citrix products must immediately consult the vendor's security bulletin (CTX696300) and apply the necessary patches to mitigate the risks of data breaches and security policy circumvention. Failure to do so could result in significant security incidents, including unauthorized access to sensitive information and disruption of network security controls. This advisory highlights the critical need for timely vulnerability management and patching for network infrastructure components.

What to do next

  1. Consult Citrix security bulletin CTX696300
  2. Apply vendor-provided patches to affected NetScaler ADC and Gateway versions
  3. Verify successful patch deployment and system integrity

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 23 mars 2026 N° CERTFR-2026-AVI-0337 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits Citrix

Gestion du document

| Référence | CERTFR-2026-AVI-0337 |
| Titre | Multiples vulnérabilités dans les produits Citrix |
| Date de la première version | 23 mars 2026 |
| Date de la dernière version | 23 mars 2026 |
| Source(s) | Bulletin de sécurité Citrix CTX696300 du 23 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risques

  • Atteinte à la confidentialité des données
  • Contournement de la politique de sécurité

Systèmes affectés

  • NetScaler ADC 13.1-FIPS et 13.1-NDcPP versions antérieures à 13.1.37.262
  • NetScaler ADC versions 13.1.x antérieures à 13.1-62.23
  • NetScaler ADC versions 14.0.x antérieures à 14.1-66.59
  • NetScaler Gateway  versions 13.1.x antérieures à 13.1-62.23
  • NetScaler Gateway  versions 14.0.x antérieures à 14.1-66.59

Résumé

De multiples vulnérabilités ont été découvertes dans les produits Citrix. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 23 mars 2026 Version initiale

Named provisions

Risks Affected Systems Summary Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Qnap Products Security Vulnerabilities
Priority review Mar 23, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Synology Products Vulnerability Allows Remote Code Execution
Priority review Mar 23, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr CPython Vulnerability Allows Security Policy Bypass
Priority review Mar 23, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Uptime Kuma Vulnerability Allows Information Disclosure
Priority review Mar 23, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de MinIO Vulnerability Allows Info Disclosure and Security Bypass
Urgent Mar 23, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de PyTorch Vulnerability Allows Local Code Execution
Priority review Mar 23, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 23rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0337

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Network Security Vulnerability Management
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy Information Security

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 230 Consumer Protection 40 Courts & Legal 315 Data Privacy & Cybersecurity 63 Defense & National Security 48 Education 20 Energy 104 Environment 83 Government & Legislation 259 Healthcare 131 Housing 15 Immigration 9 Insurance 56 Labor & Employment 111 Legal & Courts 1 Pharma & Drug Safety 97 Securities & Markets 78 Tax 63 Telecom & Technology 47 Trade & Sanctions 124 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.