Changeflow GovPing Data Privacy & Cybersecurity Critical NetScaler ADC/Gateway Vulnerability Alert
Urgent Notice Added Final

Critical NetScaler ADC/Gateway Vulnerability Alert

Favicon for www.csa.gov.sg CSA Alerts & Advisories (Singapore)
Published March 26th, 2026
Detected March 26th, 2026
Email

Summary

The Cyber Security Agency of Singapore (CSA) has issued an alert regarding critical vulnerabilities in NetScaler ADC and NetScaler Gateway. Users are strongly advised to update their systems immediately to mitigate risks of sensitive information disclosure and session compromise.

View original document View source feed page

What changed

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert concerning two critical vulnerabilities (CVE-2026-3055 and CVE-2026-4368) affecting NetScaler ADC and NetScaler Gateway products. These vulnerabilities could allow remote attackers to access sensitive in-memory information, such as session tokens and user credentials, or compromise user sessions routed through the appliance. Affected versions include those prior to NetScaler ADC and Gateway 14.1-66.59, NetScaler ADC and Gateway 13.1-62.23, and NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.262.

Users and administrators of affected NetScaler products must update to the latest available versions immediately to prevent exploitation. Failure to patch these vulnerabilities could lead to significant data breaches and system compromises, impacting the confidentiality and integrity of network traffic and user sessions. This advisory emphasizes the critical need for prompt security patching in network infrastructure devices.

What to do next

  1. Update NetScaler ADC and NetScaler Gateway to the latest secure versions immediately.

Source document (simplified)

Alerts

Critical Vulnerability in NetScaler ADC and NetScaler Gateway

26 March 2026

Citrix has released security updates to address two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Users and administrators of affected products are advised to update to the latest versions immediately.

Background

Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway. The vulnerabilities include an out-of-bounds read and a session-related flaw that could allow attackers to access sensitive information or compromise user sessions.

Impact

Successful exploitation of these vulnerabilities could allow:

  • CVE-2026-3055: A remote unauthenticated attacker to gain access to sensitive in‑memory information such as session tokens or user credentials.

  • CVE-2026-4368: An attacker to compromise the integrity and confidentiality of user sessions routed through the appliance.
    Affected Products

The following product versions are affected by the vulnerabilities.

  • Versions prior to NetScaler ADC and NetScaler Gateway 14.1-66.59

  • Versions prior to NetScaler ADC and NetScaler Gateway 13.1-62.23

  • Versions prior to NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.262
    Recommendations

Users and administrators of affected product versions are advised to update to the latest versions immediately.

References

https://thehackernews.com/2026/03/citrix-urges-patching-critical.html

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

https://nvd.nist.gov/vuln/detail/CVE-2026-3055

https://nvd.nist.gov/vuln/detail/CVE-2026-4368

Back to top

Related changes

Favicon for www.csa.gov.sg CSA Security Bulletin: NIST NVD Vulnerabilities
Priority review Mar 25, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for www.csa.gov.sg Oracle Critical Vulnerability in Web Services Manager and Identity Manager
Urgent Mar 23, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for www.csa.gov.sg Ubiquiti UniFi Network Application Vulnerabilities Addressed
Priority review Mar 23, 2026 CSA Alerts & Advisories (Singapore) Data Privacy & Cybersecurity
Favicon for changeflow.com Patent EP4423581A1: System for Detecting Anomalous Behaviour
Routine Mar 26, 2026 ChangeBridge: EPO Bulletin - Business Methods (G06Q) Banking & Finance
Favicon for changeflow.com EPO Patent EP4168961A1: Velocity System for Fraud and Data Protection
Routine Mar 26, 2026 ChangeBridge: EPO Bulletin - Business Methods (G06Q) Banking & Finance
Favicon for www.ncsc.gov.uk Citrix NetScaler ADC/Gateway Vulnerabilities
Urgent Mar 26, 2026 UK NCSC Alerts & Advisories Data Privacy & Cybersecurity

Source

Favicon for www.csa.gov.sg
CSA Alerts & Advisories (Singapore) csa.gov.sg/alerts-advisories
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CSA
Published
March 26th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CSA Alerts & Advisories (Singapore) al-2026-027

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Network Security Vulnerability Management
Geographic scope
Singapore SG

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Information Security Network Security

Browse Categories

Agriculture & Food Safety 61 AI Regulation 3 Banking & Finance 238 Consumer Protection 41 Courts & Legal 323 Data Privacy & Cybersecurity 64 Defense & National Security 48 Education 20 Energy 105 Environment 83 Government & Legislation 264 Healthcare 131 Housing 16 Immigration 9 Insurance 56 Labor & Employment 111 Legal & Courts 1 Pharma & Drug Safety 99 Securities & Markets 80 Tax 64 Telecom & Technology 48 Trade & Sanctions 124 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CSA Alerts & Advisories (Singapore) publishes new changes.

Free. Unsubscribe anytime.