Cloud Software Group has released urgent patches for NetScaler ADC and NetScaler Gateway, addressing two major vulnerabilities that could allow attackers to compromise affected systems. 
Organizations using customer-managed deployments should apply updates immediately to prevent potential exploitation.
CVE-2026-3055 – Critical Out-of-Bounds Read Vulnerability
The most severe flaw, CVE-2026-3055, carries a CVSS v4.0 score of 9.3 (Critical).
Key Details
- Type: Out-of-bounds read (CWE-125)
- Authentication: Not required
- User interaction: None
- Attack vector: Remote
- Requirement: SAML Identity Provider configuration
The vulnerability stems from insufficient input validation, which lets an unauthenticated remote attacker trigger an out-of-bounds memory read.
It affects only appliances configured as a SAML Identity Provider (IdP).
Exposure Check
Administrators can verify exposure by searching the appliance configuration for the following command:
`add authentication samlIdPProfile`
CVE-2026-4368 – Session Mixup Race Condition
The second vulnerability, CVE-2026-4368, has a CVSS v4.0 score of 7.7 (High).
Key Characteristics
- Race condition vulnerability (CWE-362)
- Causes session mixup
- Requires low-privilege authentication
- Affects VPN and AAA configurations
Affected deployments include:
- SSL VPN
- ICA Proxy
- CVPN
- RDP Proxy
- AAA virtual server
Successful exploitation may compromise session confidentiality and integrity.
Exposure Check
Administrators should search the appliance configuration for either of the following commands:
`add authentication vserver`
`add vpn vserver`
Affected Versions
CVE-2026-3055
- NetScaler ADC/Gateway 14.1 before 14.1-66.59
- NetScaler ADC/Gateway 13.1 before 13.1-62.23
- FIPS/NDcPP before 13.1-37.262
CVE-2026-4368
- NetScaler ADC/Gateway 14.1-66.54
Fixed Versions
Apply the following patched releases immediately:
- NetScaler ADC & Gateway 14.1-66.59 or later
- NetScaler ADC & Gateway 13.1-62.23 or later
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1-37.262 or later
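To turn the two exposure checks and the affected/fixed version lists above into a repeatable audit, here is an added Python example (not from the advisory or from Cloud Software Group). It assumes a saved ns.conf in the CLI form quoted above and a firmware version string in the `14.1-66.54` form used on this page; the config excerpt inside it is constructed.

```python
"""Added example, not from the advisory or Cloud Software Group: audit a saved
ns.conf and a firmware version string against the exposure checks and the
affected/fixed versions listed above. The sample config is constructed."""
import re

# Fixed builds per branch as listed above; FIPS/NDcPP 13.1 is fixed at 13.1-37.262.
FIXED_BUILDS = {"14.1": (66, 59), "13.1": (62, 23)}
FIPS_FIXED_BUILD = (37, 262)
# The only build the advisory lists as affected by CVE-2026-4368.
SESSION_MIXUP_AFFECTED = ("14.1", (66, 54))

# Configuration lines the advisory says to search for.
SAML_IDP_MARKER = "add authentication samlIdPProfile"                # CVE-2026-3055
SESSION_MARKERS = ("add authentication vserver", "add vpn vserver")  # CVE-2026-4368

# Constructed ns.conf excerpt (not a real appliance dump).
SAMPLE_NS_CONF = """\
add ns ip 10.0.0.10 255.255.255.0 -type SNIP
add vpn vserver vpn_gw SSL 10.0.0.20 443
add authentication vserver aaa_vs SSL 10.0.0.21 443
add authentication samlIdPProfile idp_prof -samlIdPCertName idpcert
"""

def parse_version(version: str) -> tuple:
    """Split '14.1-66.54' (optionally '.nc'-suffixed) into ('14.1', (66, 54))."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)(?:\.nc)?", version.strip())
    if not m:
        raise ValueError(f"unrecognised NetScaler version: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))

def is_unpatched(version: str, fips: bool = False) -> bool:
    """True if the build predates the CVE-2026-3055 fix for its branch.
    Branches not listed above return False (not in the advisory's affected list)."""
    branch, build = parse_version(version)
    if fips:
        return branch == "13.1" and build < FIPS_FIXED_BUILD
    fixed = FIXED_BUILDS.get(branch)
    return fixed is not None and build < fixed

def find_exposure(ns_conf: str, version: str, fips: bool = False) -> dict:
    """Map each CVE to whether this config *and* this version are exposed."""
    lines = [ln.strip() for ln in ns_conf.splitlines()]
    has_saml_idp = any(ln.startswith(SAML_IDP_MARKER) for ln in lines)
    has_vpn_or_aaa = any(ln.startswith(m) for ln in lines for m in SESSION_MARKERS)
    return {
        "CVE-2026-3055": is_unpatched(version, fips) and has_saml_idp,
        "CVE-2026-4368": parse_version(version) == SESSION_MIXUP_AFFECTED and has_vpn_or_aaa,
    }
```

Run `find_exposure(open("ns.conf").read(), "<version from 'show version'>")` against a backed-up configuration; a branch the advisory does not list is reported as not exposed rather than guessed at.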
Risk Impact
| Vulnerability | Impact | Privilege required | Exploitation |
|---|---|---|---|
| CVE-2026-3055 | Remote memory disclosure | None | Remote |
| CVE-2026-4368 | Session hijacking | Low | Remote |
Attack surface for both: the enterprise VPN perimeter.
Why This Matters
NetScaler appliances commonly sit at the enterprise network perimeter, making them high-value targets.
Potential attacker capabilities:
- Remote reconnaissance
- Session hijacking
- VPN user compromise
- Data interception
- Lateral movement
Mitigation Steps
Security teams should:
- Apply patches immediately
- Audit SAML IDP configurations
- Review VPN appliance exposure
- Restrict management interfaces
- Monitor authentication logs
Additional Security Recommendations
Best Practices
- Enable multi-factor authentication
- Limit administrative access
- Segment VPN infrastructure
- Monitor session anomalies
- Conduct configuration audits
Key Takeaways
- Two NetScaler vulnerabilities disclosed
- Critical CVSS score of 9.3 for CVE-2026-3055
- Remote exploitation possible
- VPN sessions at risk
- Immediate patching required
Conclusion
These NetScaler vulnerabilities pose a serious risk to organizations relying on VPN and application delivery infrastructure. Because these appliances operate at the network edge, exploitation could lead to wide-scale compromise.
Organizations should prioritize:
- Immediate patch deployment
- Configuration auditing
- Continuous monitoring
- Access control enforcement
Prompt remediation will significantly reduce exposure to remote attacks.