[Security Vulnerability Alert] Citrix's NetScaler ADC and NetScaler Gateway have a critical cybersecurity vulnerability (CVE-2026-3055).

 
2026/3/30 ~ 2026/9/30

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000021

[Content Description]
Citrix's NetScaler ADC (formerly Citrix ADC) is a network device designed to optimize, protect, and manage enterprise applications and cloud services; NetScaler Gateway (formerly Citrix Gateway) provides a secure remote access solution, allowing users to securely access applications and data from anywhere.

Recently, Citrix published a security bulletin for a critical vulnerability (CVE-2026-3055, CVSS 4.x: 9.3). It is an out-of-bounds read vulnerability in which insufficient input validation leads to a memory overread.

[Affected Platforms]
NetScaler ADC and NetScaler Gateway versions prior to 14.1-60.58 (excluding 60.58)
NetScaler ADC and NetScaler Gateway versions prior to 13.1-62.23 (excluding 62.23)
NetScaler ADC FIPS and NDcPP versions prior to 13.1-37.262 (excluding 37.262)

[Recommended Actions]
Please update to the following versions:
NetScaler ADC and NetScaler Gateway versions 14.1-60.58 (inclusive) and later
NetScaler ADC and NetScaler Gateway versions 13.1-62.23 (inclusive) and later
NetScaler ADC FIPS and NDcPP versions 13.1-37.262 (inclusive) and later
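
A version check against the fixed builds listed in this advisory, written as an added example; it is not part of the original alert or of Citrix's tooling. The hostnames, the `edition` label and the `NS14.1: Build 60.58.nc` banner format are assumptions of this example.

```python
import re

# Fixed builds from the advisory; lower builds on the same branch are affected.
# "edition" is this example's own label ("fips" covers FIPS and NDcPP builds).
FIXED_BUILDS = {
    ("14.1", "standard"): (60, 58),
    ("13.1", "standard"): (62, 23),
    ("13.1", "fips"): (37, 262),
}

# Accepts "14.1-60.58" as written in the advisory, or a banner of the assumed
# form "NS14.1: Build 60.58.nc".
_VERSION_RE = re.compile(r"(\d+\.\d+)(?:-|:\s*Build\s+)(\d+)\.(\d+)")


def parse_version(text):
    """Return (branch, (build, sub_build)) or raise ValueError."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3)))


def triage(version_text, edition="standard"):
    """Classify one appliance as 'affected', 'fixed' or 'not-listed'."""
    branch, build = parse_version(version_text)
    fixed = FIXED_BUILDS.get((branch, edition))
    if fixed is None:
        # Branch or edition the advisory does not mention: never assume safe.
        return "not-listed"
    # Compare as integers; a string or float compare ranks 60.6 above 60.58.
    return "affected" if build < fixed else "fixed"


def report(inventory):
    """Map each host in (host, version, edition) rows to its triage status."""
    return {host: triage(ver, edition) for host, ver, edition in inventory}


# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = [
    ("adc-edge-01", "NS14.1: Build 60.57.nc", "standard"),
    ("adc-edge-02", "14.1-60.58", "standard"),
    ("adc-fips-01", "13.1-37.261", "fips"),
    ("adc-old-01", "12.1-55.300", "standard"),
]

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

A `not-listed` result means the advisory gives no fixed build for that branch, so the appliance needs checking against the vendor bulletin.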

[References]
1. https://www.twcert.org.tw/tw/cp-169-10799-be596-1.html
