The NCSC recommends following vendor best practice advice to mitigate vulnerabilities. In this case, Citrix has released the following updated versions that should be installed as soon as possible:
- NetScaler ADC and NetScaler Gateway 14.1-66.59 and later releases
- NetScaler ADC and NetScaler Gateway 13.1-62.23 and later releases of 13.1
- NetScaler ADC 13.1-FIPS and 13.1-NDcPP 13.1.37.262 and later releases of 13.1-FIPS and 13.1-NDcPP
The vendor has also released the following specific checks that organisations can perform to determine whether their appliances are configured in such a way that they would be vulnerable:
CVE-2026-3055
Customers can determine if they have an appliance configured as a SAML IDP Profile by inspecting their NetScaler Configuration for the specified string:
Add authentication samlIdPProfile .*
CVE-2026-4368
Customers can determine if they have an appliance configured as one of the following by inspecting their NetScaler Configuration for the specified strings
An Auth Server (AAA Vserver):
add authentication vserver .*
A Gateway (VPN Vserver, ICA Proxy, CVPN, RDP Proxy):
Affected users should continue to monitor the Citrix security bulletin for any further updates.
