Race Condition in NetScaler ADC and Gateway Leading to User Session Mixup
CVE-2026-4368

7.7HIGH

Key Information:

Vendor: Netscaler
Status: Adc; Gateway
Vendor: CVE Published:; 23 March 2026

What is CVE-2026-4368?

A race condition vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a Gateway (including SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. This vulnerability may allow for a user session mixup, compromising user data integrity and leading to unauthorized access to sensitive information. Administrators are urged to apply patches and review their configurations to mitigate the risks associated with this vulnerability.

Affected Version(s)

ADC 14.1.66.54

Gateway 14.1.66.54

References

https://support.citrix.com/support-home/kbsearch/article?...

CVSS V4

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2026
Vulnerability Reserved
Mar 18, 2026

CVE-2026-4368 Data

JSON

Netscaler

What is CVE-2026-4368?

Affected Version(s)

References

CVSS V4

Timeline