Citrix Products Multiple Vulnerabilities

Release Date: 31 Mar 2026

RISK: Medium Risk

TYPE: Operating Systems - Networks OS

Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system.

 

Note:

CVE-2026-3055 is being exploited in the wild.  The vulnerability is caused by insufficient input validation leading to memory overread. Citrix ADC or Citrix Gateway must be configured as a SAML IDP to be vulnerable. Hence, the risk level is rated as Medium Risk.

---

Impact

• Information Disclosure
• Denial of Service

---

System / Technologies affected

• NetScaler ADC and NetScaler Gateway  14.1-66.54
• NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-60.58
• NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23
• NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

---

Vulnerability Identifier

• CVE-2026-3055
• CVE-2026-4368

---

Source

• Citrix
• CISA

---

Related Link

• https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300
• https://www.cisa.gov/news-events/alerts/2026/03/30/cisa-adds-one-known-exploited-vulnerability-catalog