Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information

Critical Citrix NetScaler and Gateway Vulnerabilities Let Remote Attackers Leak Sensitive Information

By Abinaya
Publication Date: 2026-03-27 08:26:00

Cloud Software Group has issued a critical security bulletin detailing two newly discovered vulnerabilities affecting customer-managed NetScaler ADC and NetScaler Gateway appliances.

These flaws, tracked as CVE-2026-3055 and CVE-2026-4368, could allow remote attackers to leak sensitive information or cause user session mixups.

Network administrators and security teams are strongly urged to apply the latest security patches immediately to prevent potential network compromise.

Citrix NetScaler and Gateway Vulnerabilities

The security bulletin outlines two distinct vulnerabilities affecting different configurations of the NetScaler appliances.

The most severe of the two flaws is CVE-2026-3055, an out-of-bounds read vulnerability caused by insufficient input validation. Earning a critical base score of 9.3, this flaw enables remote attackers to trigger a memory overread.

An out-of-bounds read allows an attacker to access memory locations…