CVE-2026-4368: Vulnerability in NetScaler ADC
CVE-2026-4368 is a high-severity race condition vulnerability in Citrix NetScaler ADC and Gateway appliances configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual servers. The flaw can cause user session mixups, potentially allowing an attacker with low privileges and network access to interfere with session integrity. Exploitation does not require user interaction but does require partial authentication. The vulnerability affects the confidentiality, integrity, and availability of user sessions, risking unauthorized access or session hijacking. No exploits are currently known in the wild; the affected version is 14.1.66.54 of NetScaler ADC. Organizations using these appliances for remote access or authentication services should prioritize patching and implement strict network segmentation and monitoring to mitigate the risk. Countries with significant NetScaler deployments and critical infrastructure relying on secure remote access are at higher risk.
AI Analysis
Technical Summary
CVE-2026-4368 is a race condition vulnerability identified in Citrix NetScaler ADC and NetScaler Gateway appliances when configured as Gateway services (including SSL VPN, ICA Proxy, CVPN, and RDP Proxy) or as AAA virtual servers. The vulnerability arises due to improper handling of concurrent session requests, leading to user session mixups where one user's session data may be incorrectly associated with another user. This flaw compromises session integrity and confidentiality, potentially allowing an attacker with low privileges and network access to intercept or manipulate user sessions. The vulnerability has a CVSS 4.0 base score of 7.7, indicating high severity, with an attack vector over the network, low attack complexity, partial authentication required, and no user interaction needed. The impact covers confidentiality, integrity, and availability, as session mixups can lead to unauthorized access or denial of service. The affected version is specifically 14.1.66.54 of NetScaler ADC. Although no public exploits are known, the vulnerability's nature and affected components make it a significant risk for environments relying on NetScaler for secure remote access and authentication. The race condition likely occurs during session establishment or validation, where concurrent requests are not properly synchronized, causing session identifiers or tokens to be incorrectly assigned or reused.
Potential Impact
The vulnerability can lead to unauthorized access to user sessions, exposing sensitive data and allowing attackers to impersonate legitimate users. This undermines the confidentiality and integrity of remote access sessions, potentially enabling lateral movement within networks or access to critical internal resources. Session mixups can also cause denial of service by disrupting legitimate user sessions. Organizations relying on NetScaler ADC for SSL VPN, ICA Proxy, CVPN, or RDP Proxy services are at risk of compromised remote access security, which is critical for business continuity and data protection. The requirement for partial authentication lowers the barrier for exploitation compared to fully authenticated attacks, increasing risk. The vulnerability could be leveraged in targeted attacks against enterprises, government agencies, and service providers that use NetScaler appliances extensively for secure remote connectivity.
Mitigation Recommendations
1. Apply vendor patches or updates as soon as they become available for NetScaler ADC version 14.1.66.54 or other affected versions.
2. If patches are not immediately available, consider temporarily disabling or limiting the use of Gateway and AAA virtual server features to reduce exposure.
3. Implement strict network segmentation to isolate NetScaler appliances from untrusted networks and limit access to management interfaces.
4. Enable detailed logging and monitoring of session activity to detect anomalies indicative of session mixups or unauthorized access attempts.
5. Use multi-factor authentication (MFA) to add an additional layer of security beyond partial authentication.
6. Conduct regular security assessments and penetration testing focused on remote access infrastructure to identify potential exploitation attempts.
7. Educate administrators and users about the risks and signs of session hijacking or mixups to improve incident response readiness.
Affected Countries
United States, United Kingdom, Germany, France, Japan, Australia, Canada, India, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: NetScaler
- Date Reserved: 2026-03-18T05:23:50.518Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69c1a302f4197a8e3b8aa1e6
Added to database: 3/23/2026, 8:30:58 PM
Last enriched: 3/30/2026, 8:47:58 PM
Last updated: 5/8/2026, 8:13:55 AM