CVE-2026-4368: Out-of-bounds Read in ADC

CWE-125: Out-of-bounds Read (148 documents, 8 sources)
Severity
7.7 HIGH (NVD)
CISA 9.3
EPSS
0.0%
top 95.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Mar 23
Latest update: Mar 30

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages (9 packages)

CVEListV5: netscaler/gateway 14.1.66.54
CVEListV5: netscaler/adc 14.1.66.54

🔴 Vulnerability Details

1
GHSA
GHSA-445m-jc4j-p5gf: Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual ser (2026-03-23)

📋 Vendor Advisories

140
CISA
Citrix NetScaler Out-of-Bounds Read Vulnerability (2026-03-30)
Citrix
Citrix Security Bulletin CTX111827
Citrix
Citrix Security Bulletin CTX116310
Citrix
Citrix Security Bulletin CTX108354
Citrix
Citrix Security Bulletin CTX677093

🕵️ Threat Intelligence

5
Bleepingcomputer
Critical Citrix NetScaler memory flaw actively exploited in attacks (2026-03-30)
Bleepingcomputer
Citrix urges admins to patch NetScaler flaws as soon as possible (2026-03-25)
Hackernews
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks (2026-03-24)
Wiz
CVE-2026-3055 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-4368 Impact, Exploitability, and Mitigation Steps | Wiz

📄 Research Papers

1
NCSC
Vulnerabilities affecting Citrix NetScaler ADC and Citrix NetScaler Gateway (2026-03-25)