A critical vulnerability (CVE-2026-3055, CVSS 9.8) in Citrix NetScaler ADC and Gateway allows remote attackers to trigger denial of service and information disclosure conditions. Affected versions include NetScaler ADC/Gateway 13.1 before 13.1-62.23 and 14.1 before 14.1-60.58, as well as specific FIPS/NDcPP builds before 13.1-37.262. The vendor has released fixed versions, and immediate patching is critical as this vulnerability is being actively exploited.
Multiple vulnerabilities were identified in Citrix Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition and sensitive information disclosure on the targeted system. Note: CVE-2026-3055 is being exploited in the wild. The vulnerability is caused... Impact Information Disclosure Denial of Service System / Technologies affected NetScaler ADC and NetScaler Gateway 14.1-66.54 NetScaler ADC and NetScaler Gateway 14.1 BEFORE 14.1-60.58 NetScaler ADC and NetScaler Gateway 13.1 BEFORE 13.1-62.23 NetScaler ADC FIPS and NDcPP BEFORE 13.1-37.262 Solutions Before installation of the software, please visit the vendor web-site for more details. Apply fixes issued by the vendor: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300