{"id":40024,"date":"2026-03-25T10:32:34","date_gmt":"2026-03-25T09:32:34","guid":{"rendered":"https:\/\/borncity.com\/win\/?p=40024"},"modified":"2026-03-26T10:41:03","modified_gmt":"2026-03-26T09:41:03","slug":"critical-vulnerabilities-in-citrix-netscaler-adc-and-gateway-march-2026","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2026\/03\/25\/critical-vulnerabilities-in-citrix-netscaler-adc-and-gateway-march-2026\/","title":{"rendered":"Critical vulnerabilities in Citrix NetScaler ADC and Gateway (March 2026)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/borncity.com\/blog\/2026\/03\/24\/kritische-schwachstellen-in-citrix-netscaler-adc-und-gateway\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Citrix has issued a warning about several security vulnerabilities classified as critical in its Citrix Gateway and Citrix Netscaler ADC. CERT Bund has also published a corresponding advisory. 
Citrix has released firmware updates to address these vulnerabilities.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg01.met.vgwort.de\/na\/926de5840bde44bb963fa08b263c9aae\" alt=\"\" width=\"1\" height=\"1\" \/>I came across this issue in the following tweet, and in addition a German blog reader pointed out the vulnerabilities (thank you for that).<\/p>\n<p><a href=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2026\/03\/image-66.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-322905\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2026\/03\/image-66.png\" alt=\"Citrix-Schwachstellen\" width=\"529\" height=\"670\" \/><\/a><\/p>\n<p>The two vulnerabilities are CVE-2026-3055 and CVE-2026-4368, which affect Citrix NetScaler ADC\u2014an integrated solution for accelerating, managing, and securing web applications\u2014as well as Citrix Access Gateway, a versatile SSL VPN. Citrix has addressed these vulnerabilities in security advisory <a href=\"https:\/\/support.citrix.com\/support-home\/kbsearch\/article?articleNumber=CTX696300\" target=\"_blank\" rel=\"noopener\">CTX696300<\/a>.<\/p>\n<ul>\n<li>CVE-2026-3055: CVSS 4.0 score 9.3; insufficient input validation leads to a buffer overflow.<\/li>\n<li>CVE-2026-4368: CVSS 4.0 score 7.7; EA race condition can lead to a user session mixup.<\/li>\n<\/ul>\n<p>CVE-2026-3055 was discovered internally by the vendor during routine security reviews. 
It is currently unclear to me why the BSI has assigned a CVSS Base Score of 10.0 to the CVE-2026-3055 vulnerability (Citrix assigns a CVSS 4.0 score of 9.3).<\/p>\n<h2>Affected Products<\/h2>\n<p>The following versions of NetScaler ADC and NetScaler Gateway are affected by the CVE-2026-3055 vulnerability:<\/p>\n<ul>\n<li>NetScaler ADC and NetScaler Gateway 14.1 before 14.1-66.59<\/li>\n<li>NetScaler ADC and NetScaler Gateway 13.1 before 13.1-62.23<\/li>\n<li>NetScaler ADC FIPS and NDcPP before 13.1-37.262<\/li>\n<\/ul>\n<p>The NetScaler ADC and NetScaler Gateway 14.1-66.54 are affected by the CVE-2026-4368 vulnerability. These vulnerabilities allow an anonymous or authenticated attacker to remotely disclose information and take over a user session.<\/p>\n<h2>Updates are recommended as soon as possible<\/h2>\n<p>Additionally, there is this <a href=\"https:\/\/community.citrix.com\/techzone-blogs\/110_security-updates\/critical-and-high-severity-updates-announced-for-netscaler-gateway-and-netscaler-adc-r1256\/\" target=\"_blank\" rel=\"noopener\">Citrix Community post from<\/a> Saturday, March 21, 2026, with initial information on the topic. 
As of last Saturday, no attacks exploiting these vulnerabilities were known.<\/p>\n<p>Customers can determine whether their device is configured as one of the affected elements (an authentication server or a Gateway) by checking their NetScaler configuration for the following strings:<\/p>\n<p>An authentication server (AAA-Vserver):<\/p>\n<pre>add authentication vserver .*<\/pre>\n<p>A Gateway (VPN vserver, ICA proxy, CVPN, RDP proxy):<\/p>\n<pre>add vpn vserver .*<\/pre>\n<p>Administrators of the affected versions of NetScaler ADC and NetScaler Gateway should install the updated versions of the products listed below as soon as possible.<\/p>\n<ul>\n<li>NetScaler ADC and NetScaler Gateway 14.1-66.59 and later versions<\/li>\n<li>NetScaler ADC and NetScaler Gateway 13.1-62.23 and later versions of 13.1<\/li>\n<li>NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 and later versions of 13.1-FIPS and 13.1-NDcPP<\/li>\n<\/ul>\n<p>Both the community post and the Citrix security advisory contain further information on this topic. In the <a href=\"https:\/\/community.citrix.com\/techzone-blogs\/110_security-updates\/critical-and-high-severity-updates-announced-for-netscaler-gateway-and-netscaler-adc-r1256\/\" target=\"_blank\" rel=\"noopener\">Citrix community post<\/a>, the vendor also mentions a known issue in NetScaler firmware 14.1-66.54: the STA server binding fails if the explicit path to \"ctxsta.dll\" is specified in the STA server configuration. This issue occurs when configuring a virtual server or a global binding via the CLI or the GUI.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Citrix has issued a warning about several security vulnerabilities classified as critical in its Citrix Gateway and Citrix Netscaler ADC. CERT Bund has also published a corresponding advisory. 
Citrix has released firmware updates to address these vulnerabilities.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22],"tags":[69,1544,195],"class_list":["post-40024","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","tag-security","tag-software","tag-update"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/40024","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=40024"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/40024\/revisions"}],"predecessor-version":[{"id":40025,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/40024\/revisions\/40025"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=40024"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=40024"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=40024"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}