Critical Vulnerability in NetScaler ADC and NetScaler Gateway
26 March 2026
Citrix has released security updates to address two vulnerabilities affecting NetScaler ADC and NetScaler Gateway. Users and administrators of affected products are advised to update to the latest versions immediately.
Background
The two vulnerabilities are an out-of-bounds read and a session-related flaw, which could allow attackers to access sensitive information or compromise user sessions.
Impact
Successful exploitation of these vulnerabilities could allow:
CVE-2026-3055: A remote unauthenticated attacker to gain access to sensitive in-memory information such as session tokens or user credentials.
CVE-2026-4368: An attacker to compromise the integrity and confidentiality of user sessions routed through the appliance.
Affected Products
The following product versions are affected by the vulnerabilities.
Versions prior to NetScaler ADC and NetScaler Gateway 14.1-66.59
Versions prior to NetScaler ADC and NetScaler Gateway 13.1-62.23
Versions prior to NetScaler ADC 13.1-FIPS and NDcPP 13.1-37.262
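The following Python check is an added example, not part of the original advisory or any Citrix tooling. It compares appliance build strings against the fixed builds listed above. It assumes each listed build applies only to its own release branch, that the caller knows whether an appliance runs the FIPS/NDcPP build, and that banner text resembles the constructed samples; the hostnames are made up.

```python
import re

# Fixed builds from the "Affected Products" list in this advisory.
# Key: (release branch, is FIPS/NDcPP build) -> first fixed (major, minor) build.
FIXED = {
    ("14.1", False): (66, 59),
    ("13.1", False): (62, 23),
    ("13.1", True): (37, 262),  # 13.1-FIPS and NDcPP
}

# Accepts the advisory style "14.1-66.59" and a banner style such as
# "NS14.1: Build 66.59.nc" (banner layout is an assumption of this example).
_VERSION_RE = re.compile(r"(\d+\.\d+)\s*(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_build(text):
    """Return (branch, (major, minor)) with the build parts as integers."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(text, fips=False):
    """Return 'affected', 'fixed', or 'not-listed' for one appliance."""
    branch, build = parse_build(text)
    fixed = FIXED.get((branch, fips))
    if fixed is None:
        return "not-listed"  # branch not named in this advisory; check the vendor bulletin
    # Integer tuple comparison: 62.9 is older than 62.23, which a string
    # comparison would get wrong.
    return "affected" if build < fixed else "fixed"


def triage(inventory):
    """Map hostname -> status for (hostname, version text, fips flag) rows."""
    return {host: assess(version, fips) for host, version, fips in inventory}


# Constructed sample inventory (hypothetical hostnames and builds).
SAMPLE_INVENTORY = [
    ("adc-edge-01", "NetScaler NS14.1: Build 60.52.nc", False),
    ("adc-edge-02", "14.1-66.59", False),
    ("gw-dmz-01", "13.1-62.9", False),
    ("adc-fips-01", "13.1-37.250", True),
    ("adc-legacy-01", "13.0-92.21", False),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A "not-listed" result means only that the branch is not named in this advisory, not that the appliance is unaffected.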
Recommendations
Users and administrators of affected product versions are advised to update to the latest versions immediately.
References
https://thehackernews.com/2026/03/citrix-urges-patching-critical.html
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
