2026-003: Multiple Vulnerabilities in Citrix NetScaler and Citrix ADC
On 23 March 2026, Citrix published a security advisory addressing multiple vulnerabilities affecting NetScaler ADC and NetScaler Gateway. These vulnerabilities may lead to sensitive information disclosure and user session mix-up under specific configurations. At the time of writing, there is no public evidence of active exploitation. It is strongly recommended updating affected gateways, prioritising internet-facing assets. It is also recommended to preserve evidence for further investigation.
CSIRTS triage
- What
- Multiple vulnerabilities may lead to sensitive information disclosure and user session mix-up.
- Who is affected
- Users of Citrix NetScaler ADC and NetScaler Gateway are affected under specific configurations.
- Urgency
- Remediation is recommended but not urgent as there is no public evidence of active exploitation.
- Action
- Update affected gateways, prioritising internet-facing assets.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch NetScaler ADC and NetScaler Gateway
Get an email when a new NetScaler ADC and NetScaler Gateway advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://cert.europa.eu/publications/security-advisories/2026-003/
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Exploitation likely imminentCVE-2026-3055EPSS puts this in the most-targeted tier (84.0% 30-day exploitation probability). Prioritize alongside KEV items. Riskier than 100% of all scored CVEs.
- Moderate exploitation riskCVE-2026-43683.6% 30-day exploitation probability. Patch within normal cadence, watch for KEV listing. Riskier than 88% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-3055 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-4368 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- criticalexploitedCVE-2026-3055: Citrix NetScaler Out-of-Bounds Read Vulnerabilitycisa-kev
Recent advisories for 2026-003
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalDrupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003drupal · 2026-04-15
More from CERT-EU Security Advisories
- critical2026-008: Critical vulnerabilities in Ivanti Sentry2026-06-10
- critical2026-007: Critical Vulnerability in Windows Netlogon2026-06-10
- critical2026-006: Critical Vulnerability in PAN-OS2026-05-06
- high2026-005: High Vulnerability in the Linux Kernel ("Copy Fail")2026-04-30
- critical2026-004: Critical Vulnerability in SharePoint Exploited2026-03-25