Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks
Briefly

"CVE-2026-3055 refers to an out-of-bounds read that could be exploited by unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory."
"For exploitation to be successful, the Citrix ADC or Citrix Gateway appliance must be configured as a SAML Identity Provider, meaning default configurations are unaffected."
"CVE-2026-4368 requires the appliance to be configured as a gateway or an Authentication, Authorization, and Accounting server, with specific configurations to check."
"While there is no evidence that the shortcomings have been exploited in the wild, security flaws in NetScaler devices have been repeatedly exploited by threat actors."
Citrix has issued security updates for two vulnerabilities in NetScaler ADC and NetScaler Gateway. CVE-2026-3055 (CVSS 9.3) is an out-of-bounds read caused by insufficient input validation; an unauthenticated remote attacker can trigger it to read sensitive data from the appliance's memory, but only when the appliance is configured as a SAML Identity Provider, so default configurations are not exposed. CVE-2026-4368 (CVSS 7.7) is a race condition that can cause one user's session to be mixed up with another's; it requires the appliance to be configured as a Gateway or as an Authentication, Authorization, and Accounting (AAA) server. Affected builds are NetScaler ADC and Gateway releases prior to the fixed versions listed in the Citrix advisory, which this summary does not enumerate. Users are urged to apply the updates promptly: although there is no evidence of in-the-wild exploitation, NetScaler flaws have a track record of being exploited once details are public.
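Because both flaws are gated on how the appliance is configured, a quick first-pass triage is to scan an ns.conf backup for the relevant configuration lines before scheduling the upgrade. The script below is an added example written for this page, not code from the article or from Citrix. It assumes (these mappings are not stated on the page) that a SAML IdP is configured with an `add authentication samlIdPProfile` line, a Gateway with an `add vpn vserver` line, and an AAA server with an `add authentication vserver` line; the sample config it scans is constructed, not a real appliance dump. Treat a match as a prompt to consult the advisory for the exact vulnerable configurations, not as a verdict.

```bash
#!/usr/bin/env bash
# Added example (not from the article or Citrix): triage a NetScaler ns.conf
# backup for the configuration preconditions named in the advisory summary.
#
# Assumed ns.conf syntax (an assumption, not stated on the page):
#   SAML IdP  -> "add authentication samlIdPProfile <name> ..."
#   Gateway   -> "add vpn vserver <name> ..."
#   AAA       -> "add authentication vserver <name> ..."

# Prints one finding per matched precondition.
# Returns 0 if at least one precondition matched, 1 if none did.
check_nsconf() {
  local conf="$1" hit=1
  if grep -Eq '^add authentication samlIdPProfile ' "$conf"; then
    echo "SAML IdP configured: review CVE-2026-3055 exposure"
    hit=0
  fi
  if grep -Eq '^add vpn vserver ' "$conf"; then
    echo "Gateway vserver configured: review CVE-2026-4368 exposure"
    hit=0
  fi
  if grep -Eq '^add authentication vserver ' "$conf"; then
    echo "AAA vserver configured: review CVE-2026-4368 exposure"
    hit=0
  fi
  return "$hit"
}

# Constructed sample config for a stand-alone run (not a real appliance dump):
# a Gateway vserver plus a SAML IdP profile, and one unrelated LB vserver.
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
add vpn vserver vpn_gw SSL 10.0.0.10 443
add authentication samlIdPProfile idp_prof -samlIdPCertName cert1
add lb vserver web_lb HTTP 10.0.0.20 80
EOF

check_nsconf "$SAMPLE_CONF"
```

Run it against `ns.conf` from each appliance (`/nsconfig/ns.conf` on the box, or the copy in your configuration backups). An appliance with no findings still needs the patch on its normal schedule; one with findings should be moved to the front of the queue.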
Read at The Hacker News