INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
Citrix NetScaler Critical Vulnerability Exploit Found
2026-03-24 15:15 | CRITICAL HIGH
Executive Summary (AI-generated)
The company's critical out-of-bounds read vulnerability, CVE-2026-3055, affects NetScaler ADC and Gateway versions 14.1 before 14.1-66.59 due to a software version mismatch between the affected systems and Citrix's advisory. The flaw can be exploited by attackers seeking to gain unauthorized access through session hijacking.
Technical Mitigations AI-generated
* Use a secure protocol such as HTTPS or SFTP to encrypt data transmitted between the client and server.
* Implement input validation checks on user-supplied data to prevent buffer overflows and other types of attacks.
* Regularly update operating systems, applications, and firmware to ensure that known vulnerabilities are patched before they can be exploited.
* Use a secure password management system to store and generate strong passwords for all accounts.
Technical Observables
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Salt Typhoon
CVE-2025-6543
CVE-2025-7775
CVE-2023-4966
CVE-2025-5777
CVE-2026-3055
CVE-2026-4368
Target & Sectors
Global Scope
Incident Timeline
March 23
Threat actors used a vulnerability in NetScaler ADC and Gateway versions 14.1 before 14.1-66.59 to target systems configured as SAML Identity Providers (SAML IDPs).
The products affected by CVE-2026-3055 include:
NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59
NetScaler ADC and NetScaler Gateway 13.1 before 13.1-62.23
NetScaler ADC FIPS and NDcPP before 13.1-37.262
However, according to Citrix’s advisory, published on March 23, these vulnerabilities only affect NetScaler systems explicitly configured as a SAML Identity Provider (SAML IDP).
2026-3055
Threat actors used a software update to target Citrix NetScaler systems vulnerable to CVE 2026-3055.
Additionally, mitigation via Global Deny List signatures for CVE 2026-3055 is applicable only on 14.1-60.52 and 14.1-60.57 firmware builds,” the company noted.
Cloud Software Group has released Global Deny List signatures for mitigating CVE 2026-3055.
Mar 24, 2026
Threat actors exploited a previously unknown vulnerability in Citrix's NetScaler product to gain unauthorized access.
2026-03-24
Citrix released security updates to address two vulnerabilities in its NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.
Citrix issued security updates for two NetScaler vulnerabilities, including a critical memory overread, tracked as CVE-2026-3055 (CVSS score of 9.3), that allows unauthenticated attackers to leak sensitive data.
The flaw, CVE-2026-3055, is an insufficient input validation issue leading to memory overread; it can be triggered only if Citrix ADC or Citrix Gateway is configured as a SAML IDP.
The two products, formerly known as Citrix ADC and Citrix Gateway, are networking and security solutions used by enterprises to manage, optimize and secure application delivery and remote access.
“This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance’s memory.” reads the advisory published by Rapid7 researchers.
Race condition leading to user session mixup
Cybersecurity company Rapid7 said that CVE-2026-3055 refers to an out-of-bounds read that could be exploited by unauthenticated remote attackers to leak potentially sensitive information from the appliance's memory.
The vulnerabilities affect NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59 and 13.1 before 13.1-62.23, as well as NetScaler ADC 13.1-FIPS and 13.1-NDcPP before 13.1-37.262.
Cloud Software Group strongly urges affected customers to install the relevant updated versions as soon as possible, which include:
NetScaler ADC and NetScaler Gateway 14.1-66.59 and later releases
NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1.37.262 and later releases of 13.1-FIPS and 13.1-NDcPP
NetScaler introduced the Global Deny List feature in its 14.1.60.52 versions.
It affects NetScaler ADC and NetScaler Gateway version 14.1-66.54 if NetScaler is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Affected customers are advised to install NetScaler ADC and NetScaler Gateway version 14.1-66.59 to apply the patch for CVE-2026-4368.
CVE-2026-4368, on the other hand, requires the appliance to be configured as a gateway (i.e., SSL VPN, ICA Proxy, CVPN, and RDP Proxy) or an Authentication, Authorization, and Accounting (AAA) server.
Citrix NetScaler critical flaw could leak data, update now.
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks.
Identified internally by Citrix’s parent company, the Cloud Software Group, the flaw is due to insufficient input validation leading to memory overread.
The second vulnerability fixed by the vendor is a race condition tracked as CVE-2026-4368 (CVSS score of 7.7) that causes session mix-ups.
Citrix has released a new critical security bulletin addressing two new vulnerabilities in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway.
Ravie Lakshmanan
Mar 24, 2026
Vulnerability / Enterprise Security
Citrix has released security updates to address two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that could be exploited to leak sensitive data from the application.
Customers can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string: “add authentication samlIdPProfile .
To determine if the device has been configured as a SAML IDP Profile, Citrix is urging customers to inspect their NetScaler Configuration for the specified string: "add authentication samlIdPProfile .
“Please note that to receive signatures meant for the Global Deny List, you must use NetScaler Console (Console On-prem with Cloud Connect or Console Service).
There is no known in-the-wild exploitation and no public proof-of-concept (PoC) exploit available at the time of writing.
Customers can determine if they have an appliance configured as one of the following by inspecting their NetScaler Configuration for the specified strings
An Auth Server (AAA Vserver): “add authentication vserver .
Customers should patch immediately, as similar memory-leak flaws like “CitrixBleed” (CVE-2023-4966) were widely exploited in 2023.
While there is no evidence that the shortcomings have been exploited in the wild, security flaws in NetScaler devices have been repeatedly exploited by threat actors (CVE-2023-4966, aka Citrix Bleed, CVE-2025-5777, aka Citrix Bleed 2, CVE-2025-6543, and CVE-2025-7775), making it imperative that users take steps to update their instances.
Pierluigi Paganini (SecurityAffairs – hacking, Citrix)
If it sounds familiar, it's because it is – this vulnerability sounds suspiciously similar to Citrix Bleed and Citrix Bleed 2, which continue to represent a trauma event for many," watchTowr CEO and founder Benjamin Harris told The Hacker News.
Customers can check the NetScaler Configuration to ascertain if their devices have been configured as either of the nodes -
AAA virtual server - add authentication vserver .
"NetScalers are critical solutions that have been continuously targeted for initial access into enterprise environments.
Intelligence Sources
The Hacker News, 2026-03-24
Infosecurity-Magazine, 2026-03-24: Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities
Security Affairs, 2026-03-24: Citrix NetScaler critical flaw could leak data, update now
Incident Version History
CURRENT VERSION
Last Updated: 2026-04-27T11:37