The NCSC has issued an alert regarding two vulnerabilities in customer-managed Citrix NetScaler ADC and Gateway appliances. CVE-2026-3055 allows for a memory overread in SAML IDP configurations, while CVE-2026-4368 causes user session mixups via a race condition in Gateway or AAA virtual server configurations. Immediate patching is strongly recommended.