#VU124256 Race condition in Citrix NetScaler ADC and Citrix NetScaler Gateway - CVE-2026-4368
Published: March 23, 2026
Vulnerability identifier: #VU124256
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-4368
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Citrix NetScaler ADC
Citrix NetScaler Gateway
Software vendor:
Citrix
Description
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to a race condition. A remote user can exploit the race and compromise the session of another user.
Successful exploitation of the vulnerability requires that the appliance is configured as a Gateway or AAA virtual server.
Remediation
Install updates from the vendor's website.