SB2026032373 - Race condition in Citrix NetScaler ADC and Citrix NetScaler Gateway
Published: March 23, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Race condition (CVE-ID: CVE-2026-4368)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a race condition. A remote user can exploit the race and compromise the session of another user.
Successful exploitation of the vulnerability requires that the appliance is configured as a Gateway or AAA virtual server.
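
To decide whether an appliance meets this precondition, an administrator can check its saved configuration for Gateway or AAA virtual server definitions. The following is an added example, not part of the original bulletin or vendor code. It assumes the configuration is available as text (commonly the ns.conf file) and that Gateway and AAA virtual servers are created with the NetScaler CLI statements `add vpn vserver` and `add authentication vserver`; the sample configuration is constructed.

```python
import re

# NetScaler CLI statements that create the two virtual server types the
# bulletin names. Assumption: the saved configuration is supplied as text.
_VSERVER = re.compile(
    r'^\s*add\s+(vpn|authentication)\s+vserver\s+("([^"]+)"|\S+)',
    re.IGNORECASE,
)

ROLE = {"vpn": "Gateway", "authentication": "AAA"}


def exposed_vservers(config_text):
    """Return [(role, name)] for every Gateway or AAA vserver defined."""
    found = []
    for line in config_text.splitlines():
        m = _VSERVER.match(line)
        if m:
            # Names containing spaces are quoted; group 3 is the unquoted form.
            name = m.group(3) or m.group(2)
            found.append((ROLE[m.group(1).lower()], name))
    return found


def precondition_met(config_text):
    """True if the appliance is configured as Gateway or AAA virtual server."""
    return bool(exposed_vservers(config_text))


# Constructed sample configuration (addresses from documentation ranges).
SAMPLE = '''\
# comment line: add vpn vserver ignored_in_comment SSL 192.0.2.1 443
add lb vserver lb_web HTTP 192.0.2.10 80
add vpn vserver "gw external" SSL 192.0.2.20 443
add authentication vserver aaa_int SSL 0.0.0.0
bind vpn vserver "gw external" -policy pol1
'''

if __name__ == "__main__":
    for role, name in exposed_vservers(SAMPLE):
        print(f"{role} virtual server present: {name}")
    print("Precondition met:", precondition_met(SAMPLE))
```

An appliance with no matching definitions does not meet the stated precondition, but it should still be updated as described under Remediation.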
Remediation
Install the update from the vendor's website.