Multiple Vulnerabilities in NetScaler ADC and NetScaler Gateway Could Allow for Memory Overread
ID: 2828e65e-1e72-5456-85bb-b80879ae5879
STIX ID: report--2828e65e-1e72-5456-85bb-b80879ae5879
Feed Name: CISecurity.org Advisories
Multiple vulnerabilities were disclosed in Citrix NetScaler ADC and NetScaler Gateway. The most notable are CVE-2026-3055, an out-of-bounds memory read that can expose highly sensitive credentials from appliance memory and potentially enable remote code execution, and CVE-2026-4368, a race condition impacting Gateway and AAA virtual server configurations. For CVE-2026-3055, exploitation requires the appliance to be configured as a SAML Identity Provider. Exploitation may allow attackers to gain initial access or escalate to RCE against affected public-facing appliances.
