By Ionut Arghire
Publication Date: 2026-03-24 11:19:00
Citrix on Monday announced patches for a critical-severity vulnerability in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that could lead to sensitive memory leaks.
The flaw is tracked as CVE-2026-3055 (CVSS score of 9.3) and is described as an out-of-bounds read issue impacting NetScaler deployments configured as a SAML Identity Provider (SAML IDP).
“Customers can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string: add authentication samlIdPProfile .*,” Citrix notes in its advisory.
Fixes for the security defect were included in NetScaler ADC and NetScaler Gateway versions 14.1-66.59, 13.1-62.23, and 13.1-NDcPP 13.1.37.262.
The security updates also resolve CVE-2026-4368, a high-severity race condition issue that could lead to ‘user session mixup’ if the appliances are configured as gateways or AAA virtual servers.
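The configuration check Citrix describes for CVE-2026-3055, combined with the fixed builds listed above, can be scripted for triage across exported configurations. The following is an added example, not code from Citrix or from the article; the sample configuration, profile names and the build 14.1-60.52 are constructed, and it assumes that a build lower than the fixed build on the same branch is unpatched.

```python
import re

# Fixed builds named in the article, keyed by release branch.
FIXED_BUILDS = {"14.1": (66, 59), "13.1": (62, 23)}

# The string Citrix says to look for; the profile name may be quoted.
SAML_IDP_RE = re.compile(
    r'^\s*add authentication samlIdPProfile\s+("[^"]+"|\S+)', re.I | re.M)

def saml_idp_profiles(config_text):
    """Names of SAML IdP profiles defined in a saved NetScaler config."""
    return [n.strip('"') for n in SAML_IDP_RE.findall(config_text)]

def is_patched(version):
    """True/False for 'branch-major.minor' builds; None if it needs a manual check."""
    m = re.fullmatch(r"(\d+\.\d+)-(\d+)\.(\d+)", version.strip())
    if not m or m.group(1) not in FIXED_BUILDS:
        return None  # e.g. NDcPP builds or branches the article does not list
    return (int(m.group(2)), int(m.group(3))) >= FIXED_BUILDS[m.group(1)]

def triage(config_text, version):
    """Combine the config check and the build check into one status."""
    profiles = saml_idp_profiles(config_text)
    patched = is_patched(version)
    if not profiles:
        status = "saml-idp-not-configured"
    elif patched is None:
        status = "check-manually"
    else:
        status = "patched" if patched else "unpatched-saml-idp"
    return {"profiles": profiles, "patched": patched, "status": status}

# Constructed sample config: one SAML SP action (not a match) and two IdP profiles.
SAMPLE_CONFIG = '''\
add authentication samlAction sp_act1 -samlIdPCertName idp_cert
add authentication samlIdPProfile idp_prof1 -samlIdPCertName idp_cert
add authentication samlIdPProfile "partner idp" -samlIdPCertName idp_cert
'''

if __name__ == "__main__":
    for build in ("14.1-60.52", "14.1-66.59", "13.1-NDcPP 13.1.37.262"):
        print(build, triage(SAMPLE_CONFIG, build))
```

A "saml-idp-not-configured" result only speaks to CVE-2026-3055; appliances configured as gateways or AAA virtual servers still need the update for CVE-2026-4368.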
The company…

