CVE-2026-4368

HIGH7.7

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

Present

Privileges Required

Low

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

High

Availability (Vulnerable System)

High

Confidentiality (Subsequent System)

None

Integrity (Subsequent System)

None

Availability (Subsequent System)

None

Affected products

NetScaler / ADC14.1.66.54 – 14.1.66.54
NetScaler / Gateway14.1.66.54 – 14.1.66.54

References

MISChttps://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

Updated 28m ago · 2 sources