CVE-2026-4368

HIGH

Race Condition leading to User Session Mixup

Title source: cna

Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

References (1)

Core 1

Core References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300

Scores

CVSS v4 7.7

EPSS 0.0362

EPSS Percentile 88.0%

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-362

Status published

Products (2)

NetScaler/ADC 14.1.66.54

NetScaler/Gateway 14.1.66.54

Published Mar 23, 2026

Tracked Since Mar 24, 2026