[Security Vulnerability Alert] Critical vulnerability in Citrix NetScaler ADC and NetScaler Gateway (CVE-2026-3055)

Issued by: Digital Services Section, Library and Information Office (圖資處數位服務組)
Date range: 2026/3/30 ~ 2026/9/30
Category: Administrative announcement
Audience: All

Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): security alert TWCERTCC-200-202603-00000021

[Content Description]
Citrix's NetScaler ADC (formerly Citrix ADC) is a network device designed to optimize, protect, and manage enterprise applications and cloud services; NetScaler Gateway (formerly Citrix Gateway) provides a secure remote access solution, allowing users to securely access applications and data from anywhere.

Citrix recently published an advisory for a critical vulnerability (CVE-2026-3055, CVSS 4.x: 9.3). It is an out-of-bounds read: insufficient input validation leads to a memory overread.

[Affected Platforms]
NetScaler ADC and NetScaler Gateway versions prior to 14.1-60.58 (excluding 60.58)
NetScaler ADC and NetScaler Gateway versions prior to 13.1-62.23 (excluding 62.23)
NetScaler ADC FIPS and NDcPP versions prior to 13.1-37.262 (excluding 37.262)

[Recommended Actions]
Please update to the following versions:
NetScaler ADC and NetScaler Gateway 14.1-60.58 (inclusive) and later
NetScaler ADC and NetScaler Gateway 13.1-62.23 (inclusive) and later
NetScaler ADC FIPS and NDcPP 13.1-37.262 (inclusive) and later
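
An inventory check against the fixed builds listed above, as an added example that is not part of the original advisory. The banner format `NS13.1: Build 62.23.nc`, the `fips` flag and the inventory rows are assumptions made for the example.

```python
import re

# Fixed builds from the advisory, keyed by (release branch, is FIPS/NDcPP).
FIXED = {
    ("14.1", False): (60, 58),
    ("13.1", False): (62, 23),
    ("13.1", True): (37, 262),
}

# Accepts "14.1-60.58" (the advisory's notation) or a banner such as
# "NS14.1: Build 60.58.nc" (assumed format of the appliance version string).
_VERSION_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, (build_major, build_minor)) or raise ValueError."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def assess(text, fips=False):
    """Classify one appliance as 'affected', 'fixed' or 'not-listed'."""
    branch, build = parse_version(text)
    fixed = FIXED.get((branch, fips))
    if fixed is None:
        return "not-listed"  # the advisory names no fixed build for this branch
    # Compare numerically: as strings, "60.9" would sort after "60.58".
    return "fixed" if build >= fixed else "affected"


if __name__ == "__main__":
    # Constructed inventory: (hostname, version string, FIPS/NDcPP build?)
    inventory = [
        ("adc-01", "14.1-60.58", False),
        ("adc-02", "14.1-60.9", False),
        ("gw-01", "NS13.1: Build 62.23.nc", False),
        ("fips-01", "13.1-37.262", True),
        ("old-01", "13.0-92.31", False),
    ]
    for host, version, fips in inventory:
        print(f"{host:8} {version:24} {assess(version, fips)}")
```

The FIPS/NDcPP flag has to come from the inventory: 13.1-37.262 is the fixed build on that line, but the same number compared against the standard 13.1 threshold of 62.23 would read as affected.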

[References]
1. https://www.twcert.org.tw/tw/cp-169-10799-be596-1.html

