Vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway

Release date
01 June 2026
Alert rating
MEDIUM

Audience

Cyber security professionals, Large organisations

Current update

UK organisations are encouraged to take immediate action to mitigate two recently disclosed vulnerabilities, CVE-2026-3055 and CVE-2026-4368, that affect Citrix NetScaler ADC and Citrix NetScaler Gateway.


What has happened?

Citrix has published a security bulletin detailing two vulnerabilities discovered in its NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products:

  • CVE-2026-3055: Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
  • CVE-2026-4368: Race condition in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server, leading to user session mixup

Who is affected?

Organisations using the following Citrix products on premises are affected:

CVE-2026-3055:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-66.59
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23
  • NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262

Specific pre-conditions for this vulnerability:

  • The appliance must be configured as a SAML identity provider (IdP).

CVE-2026-4368:

  • NetScaler ADC and NetScaler Gateway 14.1-66.54

Specific pre-conditions for this vulnerability:

  • The appliance must be configured either as a gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or as an AAA virtual server.

The vendor has advised that only customer-managed instances require remedial action; Citrix-managed cloud services are updated by Citrix.


What should I do?

The NCSC recommends following vendor best practice advice to mitigate vulnerabilities. In this case, Citrix has released the following updated versions that should be installed as soon as possible:

  • NetScaler ADC and NetScaler Gateway 14.1-66.59 and later releases
  • NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
  • NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 and later releases of 13.1-FIPS and 13.1-NDcPP

The vendor has also published the following configuration checks that organisations can perform to determine whether their appliances are configured in a way that meets the pre-conditions for each vulnerability. An appliance that does not match these strings still needs the update, but is not exposed through the affected feature in the meantime.

CVE-2026-3055

Customers can determine if they have an appliance configured with a SAML IdP profile by inspecting their NetScaler configuration for the following string:

  • add authentication samlIdPProfile .*

CVE-2026-4368

Customers can determine if they have an appliance configured in one of the following roles by inspecting their NetScaler configuration for the specified strings:

An Auth Server (AAA Vserver):

  • add authentication vserver .*

A Gateway (VPN Vserver, ICA Proxy, CVPN, RDP Proxy):

  • add vpn vserver .*
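The three checks above, together with a comparison of the running build against the fixed builds listed earlier, can be scripted so that the result is unambiguous for every appliance in an estate. The script below is an added example written for this page; it is not Citrix or NCSC tooling. It assumes you have exported the configuration (on the appliance this is /nsconfig/ns.conf, or the saved output of "show ns runningConfig") and know the build reported by "show ns version". The sample configuration embedded in the script is constructed for demonstration and the function names are the author's own.

```shell
#!/usr/bin/env bash
# Added example (not from the NCSC advisory or from Citrix): apply the vendor's
# configuration checks for CVE-2026-3055 and CVE-2026-4368 to an exported
# NetScaler configuration and compare the build with the fixed builds.

# Constructed sample ns.conf: a SAML IdP profile, an AAA vserver and a Gateway
# vserver are all present, so every pre-condition in the advisory is met.
SAMPLE_CONF='set ns config -IPAddress 192.0.2.10 -netmask 255.255.255.0
add authentication vserver aaa_vs SSL 192.0.2.20 443
add vpn vserver gw_vs SSL 192.0.2.21 443
add authentication samlIdPProfile saml_idp -samlIdPCertName cert1 -assertionConsumerServiceURL "https://sp.example.com/acs"
add lb vserver web_vs HTTP 192.0.2.30 80'

# saml_idp_configured <conf-file>: vendor check for CVE-2026-3055.
# Matched case-insensitively because the bulletin writes "Add ..." while
# ns.conf itself uses lowercase "add ...".
saml_idp_configured() {
    grep -Eiq '^add authentication samlIdPProfile ' "$1"
}

# gateway_or_aaa_configured <conf-file>: vendor check for CVE-2026-4368
# (AAA vserver or Gateway/VPN vserver).
gateway_or_aaa_configured() {
    grep -Eiq '^add (authentication|vpn) vserver ' "$1"
}

# fixed_build <build> <edition>: fixed build for the appliance's release train.
# <edition> is "fips", "ndcpp" or "standard"; only 13.1 has a separate
# FIPS/NDcPP train in this advisory.
fixed_build() {
    case "$2:${1%%-*}" in
        fips:13.1|ndcpp:13.1) echo "13.1-37.262" ;;
        *:13.1)               echo "13.1-62.23" ;;
        *:14.1)               echo "14.1-66.59" ;;
        *)                    return 1 ;;
    esac
}

# build_at_least <actual> <fixed>: true when <actual> (e.g. 14.1-66.54) is the
# fixed build or later on the same release train. Returns 2 for a different train.
build_at_least() {
    local a="$1" f="$2"
    [ "${a%%-*}" = "${f%%-*}" ] || return 2
    local a_build="${a#*-}" f_build="${f#*-}"
    local a_major="${a_build%%.*}" a_minor="${a_build#*.}"
    local f_major="${f_build%%.*}" f_minor="${f_build#*.}"
    if [ "$a_major" -ne "$f_major" ]; then
        [ "$a_major" -gt "$f_major" ]
        return
    fi
    [ "$a_minor" -ge "$f_minor" ]
}

# assess <conf-file> <build> [edition]: prints one line per CVE and returns the
# number of CVEs (0-2) whose pre-conditions this appliance meets on a
# vulnerable build; returns 3 if the release train is not one in the advisory.
assess() {
    local conf="$1" build="$2" edition="${3:-standard}" exposed=0 fixed
    fixed=$(fixed_build "$build" "$edition") || {
        echo "release train of $build is not covered by this advisory"
        return 3
    }
    if build_at_least "$build" "$fixed"; then
        echo "build $build is at or above fixed build $fixed: patched"
        return 0
    fi
    if saml_idp_configured "$conf"; then
        echo "CVE-2026-3055: EXPOSED (SAML IdP profile present, $build < $fixed)"
        exposed=$((exposed + 1))
    else
        echo "CVE-2026-3055: pre-condition not met (no SAML IdP profile); update to $fixed anyway"
    fi
    # The vendor lists only build 14.1-66.54 as affected by CVE-2026-4368.
    if [ "$build" = "14.1-66.54" ] && gateway_or_aaa_configured "$conf"; then
        echo "CVE-2026-4368: EXPOSED (Gateway or AAA vserver present on 14.1-66.54)"
        exposed=$((exposed + 1))
    else
        echo "CVE-2026-4368: pre-condition not met or build not 14.1-66.54"
    fi
    return "$exposed"
}

# Demonstration against the constructed sample on the one build the advisory
# lists for CVE-2026-4368. On a real appliance pass /nsconfig/ns.conf and the
# build from "show ns version".
conf_file=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$conf_file"
assess "$conf_file" 14.1-66.54 standard
echo "exposed to $? of the two CVEs"
rm -f "$conf_file"
```

The build comparison deliberately refuses to compare across release trains (13.1 against 14.1) rather than guessing, and FIPS/NDcPP appliances must be passed their edition explicitly because their 13.1 fixed build (13.1-37.262) is numerically lower than the standard 13.1 fix.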

Affected users should continue to monitor the Citrix security bulletin for any further updates. 


Further NCSC resources

The NCSC provides a range of free guidance, services and tools that help to secure systems.
