Race condition in Citrix Netscaler ADC and Citrix NetScaler Gateway - CVE-2026-4368

 

Race condition in Citrix Netscaler ADC and Citrix NetScaler Gateway - CVE-2026-4368

Published: March 23, 2026


Vulnerability identifier: #VU124256
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-4368
CWE-ID: CWE-362
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Citrix
Affected software:
Citrix Netscaler ADC
Citrix NetScaler Gateway

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition. A remote user can exploit the race and compromise session of another user.

Successful exploitation of the vulnerability requires that the appliance is configured as Gateway or AAA virtual server. 


How to mitigate CVE-2026-4368

Install updates from vendor's website.

Sources