By guenni
Publication Date: 2026-03-25 09:32:00
Citrix has issued a warning about several security vulnerabilities classified as critical in its Citrix Gateway and Citrix NetScaler ADC. CERT Bund has also published a corresponding advisory. Citrix has released firmware updates to address these vulnerabilities.
I came across this issue in the following tweet, and in addition, a German blog reader pointed out the vulnerabilities (thank you for that).
These are the two vulnerabilities CVE-2026-3055 and CVE-2026-4368, which affect Citrix NetScaler ADC—an integrated solution for accelerating, managing, and securing web applications—as well as Citrix Access Gateway, a versatile SSL VPN. Citrix has addressed these vulnerabilities in security advisory CTX696300.
- CVE-2026-3055: CVSS 4.0 9.3; Insufficient input validation leads to a buffer overflow.
- CVE-2026-4368: CVSS 4.0 7.7; A race condition can lead to a user session mixup.
CVE-2026-3055 was discovered internally by the vendor during routine security reviews. It…
