CVE-2026-4368 HIGH

CVE-2026-4368: Race Condition leading to User Session Mixup

Vendor Netscaler
Product ADC
Published March 23, 2026
Last update May 10, 2026

CVSS base score

7.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

Key dates

02Disclosure timeline

March 23, 2026 CVE published
May 10, 2026 Record updated