Critical Memory Leak and Session Hijacking Vulnerabilities Patched in Citrix NetScaler
Citrix patched a critical memory overread (CVE-2026-3055) and a high-severity session-swapping race condition (CVE-2026-4368) in NetScaler ADC and Gateway. These vulnerabilities allow unauthenticated attackers to leak sensitive memory data or hijack user sessions in environments configured for SAML or VPN services.
**If possible, make sure your NetScaler ADC and Gateway appliances are isolated from the internet and accessible from trusted networks only. Then plan a quick update. If you can't isolate them from the internet, this is urgent. Update the firmware to the fixed versions (14.1-66.59, 13.1-62.23, or 13.1-37.262 for FIPS/NDcPP). Attackers have previously exploited similar flaws via the CitrixBleed exploit.**
#cybersecurity #infosec #advisory #vulnerability
https://beyondmachines.net/event_details/critical-memory-leak-and-session-hijacking-vulnerabilities-patched-in-citrix-netscaler-s-x-0-i-0/gD2P6Ple2L