Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities

Citrix Urges Immediate Patching for Critical NetScaler Vulnerabilities

By Kevin Poireault
Publication Date: 2026-03-24 15:15:00

Citrix has released a new critical security bulletin addressing two new vulnerabilities in its NetScaler Application Delivery Controller (ADC) and NetScaler Gateway.

The two products, formerly known as Citrix ADC and Citrix Gateway, are networking and security solutions used by enterprises to manage, optimize and secure application delivery and remote access.

CVE-2026-3055: Critical Out-of-Bounds Read

The first vulnerability, tracked as CVE-2026-3055 is a critical out-of-bounds read with a severity score (CVSS v4.0) of 9.3.

Identified internally by Citrix’s parent company, the Cloud Software Group, the flaw is due to insufficient input validation leading to memory overread. If exploited, it can enable an unauthenticated remote attacker to leak potentially sensitive information from the appliance’s memory.

The products affected by CVE-2026-3055 include:

  • NetScaler ADC and NetScaler Gateway versions 14.1 before 14.1-66.59
  • NetScaler ADC and NetScaler…