CVE-2026-4368

Name of the Vulnerable Software and Affected Versions NetScaler ADC (affected versions not specified) NetScaler Gateway (affected versions not specified) NetScaler Gateway version 14.1-66.54

Description A race condition occurs in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or an AAA virtual server. A race condition is a situation where the system's behavior depends on the sequence or timing of uncontrollable events. This flaw can lead to user session mixup and allow a remote attacker to gain unauthorized access to the system or cause information disclosure via crafted requests.

Recommendations For NetScaler Gateway version 14.1-66.54, rotate certificates immediately and audit logs. At the moment, there is no information about a newer version that contains a fix for this vulnerability.