Update now! It’s Déjà Vu all over again, as Citrix reveals critical NetScaler ADC vulnerability

By David Hollingworth
Publication Date: 2026-03-25 00:30:00

Cloud computing and virtualisation firm Citrix disclosed a pair of vulnerabilities in its NetScaler ADC and NetScaler Gateway families of products on March 23, and industry experts are already sounding alarms over the potential for exploitation.

CVE-2026-3055 is an out-of-bounds read vulnerability with a CVSS score of 9.3 that could allow an unauthenticated, remote attacker to access sensitive data in the memory of a vulnerable appliance. It impacts the following versions:

  • NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-66.59
  • NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23
  • NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262

CVE-2026-4368, on the other hand, is a race condition vulnerability with a CVSS score of 7.7 that impacts NetScaler ADC and NetScaler Gateway 14.1-66.54.
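For teams triaging an appliance inventory against the builds listed above, the following is an added example, not code from Citrix or from this article. It assumes build strings are recorded in the same `14.1-66.59` form the article uses and that the operator supplies the FIPS/NDcPP flag; the hostnames and inventory are constructed.

```python
import re

# First build on each branch that the article lists as no longer affected by
# CVE-2026-3055. Key: (branch, FIPS/NDcPP build?) -> (build, sub-build) of the fix.
FIXED_3055 = {
    ("14.1", False): (66, 59),
    ("13.1", False): (62, 23),
    ("13.1", True): (37, 262),
}
# The article names a single build for the CVE-2026-4368 race condition.
AFFECTED_4368 = {("14.1", (66, 54))}

_BUILD = re.compile(r"^(\d+\.\d+)-(\d+)\.(\d+)$")


def parse_build(text):
    """Split '14.1-66.59' into ('14.1', (66, 59)) with integer build parts."""
    m = _BUILD.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised build string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(build, fips=False):
    """Return a status per CVE: 'affected', 'fixed' or 'unlisted'."""
    branch, number = parse_build(build)
    fixed = FIXED_3055.get((branch, fips))
    if fixed is None:
        status_3055 = "unlisted"  # branch not in the article; check the vendor bulletin
    else:
        # Integer tuples, not strings: as text, '66.9' would sort after '66.59'.
        status_3055 = "affected" if number < fixed else "fixed"
    status_4368 = "affected" if (branch, number) in AFFECTED_4368 else "unlisted"
    return {"CVE-2026-3055": status_3055, "CVE-2026-4368": status_4368}


if __name__ == "__main__":
    # Constructed inventory: (hostname, build, FIPS flag). Not real appliances.
    inventory = [
        ("adc-edge-01", "14.1-66.54", False),
        ("adc-edge-02", "14.1-66.9", False),
        ("adc-fips-01", "13.1-37.262", True),
        ("adc-old-01", "12.1-65.15", False),
    ]
    for host, build, fips in inventory:
        print(host, build, assess(build, fips))
```

A status of `unlisted` means only that the article does not mention that branch or build, not that the appliance is safe.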

“Cloud Software Group strongly urges affected customers of NetScaler ADC and NetScaler Gateway…