Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information
\n \t
\n
<\/BR>
\n
\n \t
\n
<\/BR><\/p>\n
Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances.<\/a><\/p>\n These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information<\/a> or cause user session mixups.<\/p>\n Network administrators and security teams are strongly urged to apply the latest security patches<\/a> immediately to prevent potential network compromise.<\/p>\n The security bulletin outlines two distinct vulnerabilities affecting different configurations of the NetScaler appliances.<\/p>\n The most severe of the two flaws is CVE-2026-3055, an out-of-bounds read vulnerability<\/a> caused by insufficient input validation. Earning a critical base score of 9.3, this flaw enables remote attackers to trigger a memory overread.<\/p>\n An out-of-bounds read allows an attacker to access memory locations beyond a buffer\u2019s intended boundaries, potentially exposing sensitive operational data, credentials, or session tokens.<\/a><\/p>\n However, exploitation is conditionally restricted. The vulnerability only affects appliances explicitly configured as a Security Assertion Markup Language (SAML) Identity Provider (IdP)<\/a>.<\/p>\n Administrators can quickly verify their exposure by checking their NetScaler configuration for the specific string\u00a0add authentication samlIdPProfile .*.<\/p>\n The second vulnerability, CVE-2026-4368, is a race condition flaw that triggers a user session mixup. Session mixups can inadvertently transfer an active session belonging to one user to another, unintentionally exposing sensitive information or granting access.<\/p>\n This issue is triggered when the appliance operates as a Gateway (including SSL VPN, ICA Proxy, CVPN, and RDP Proxy) or as an Authentication, Authorization, and Auditing (AAA) virtual server.<\/a><\/p>\n Configuration files containing\u00a0add authentication vserver .*\u00a0or\u00a0add vpn vserver .*\u00a0indicate an exposed deployment. These vulnerabilities exclusively impact customer-managed NetScaler ADC and Gateway systems.<\/p>\n Cloud environments utilizing Citrix-managed cloud services or Citrix-managed Adaptive Authentication are not at risk, as the vendor has already applied the necessary infrastructure updates.<\/p>\n To secure network infrastructure, cybersecurity teams must immediately upgrade affected appliances to the latest supported firmware versions.<\/a><\/p>\n The flaws were identified during internal security reviews by Cloud Software Group, and there are currently no indicators of active exploitation in the wild.<\/p>\n Regardless, the critical nature of the memory overread vulnerability necessitates rapid patching and vigilant monitoring of session integrity.<\/p>\n Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n The post Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nCitrix NetScaler and Gateway Vulnerabilities<\/strong><\/h2>\n