Skip to main content

NetScaler ADC CVE-2026-10816

| EUVDEUVD-2026-40310 HIGH
External Control of File Name or Path (CWE-73)
2026-06-30 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 GHSA-jxcr-w9q6-gmhx
7.1
CVSS 4.0 · Vendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Share

Severity by source

Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5) PRIMARY
7.1 HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ENISA EUVD
HIGH
qualitative
vuln.today AI
6.5 MEDIUM

Adjacent management-interface access (AV:A), no auth or interaction (PR:N/UI:N), low complexity; arbitrary file read yields C:H with no integrity or availability impact (I:N/A:N).

3.1 AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (50a63c94-1ea7-4568-8c11-eb79e7c5a2b5).

CVSS VectorVendor: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jun 30, 2026 - 15:01 EUVD
Analysis Generated
Jun 30, 2026 - 13:30 vuln.today

DescriptionCVE.org

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

AnalysisAI

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain adjacent-network access to management interface
Delivery
Send crafted request to NSIP/Cluster IP/SNIP
Exploit
Manipulate file path parameter (CWE-73)
Execution
Read sensitive appliance files
Impact
Exfiltrate configuration/credential data

Vulnerability AssessmentAI

Exploitation Exploitation requires that management access be enabled and reachable on the NSIP, Cluster Management IP, or a SNIP, and that the attacker have adjacent-network access to that management interface (CVSS AV:A, not full Internet-wide network reach). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N) describes an adjacent-network, low-complexity, unauthenticated attack with high confidentiality impact and no special attack requirements, scoring 7.1 (High). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker positioned on the same network segment as an exposed NetScaler management interface (NSIP, Cluster Management IP, or a management-enabled SNIP) sends a crafted request that manipulates a file path parameter to read sensitive files - such as configuration data or credentials - from the appliance without authenticating. Because the attack is low-complexity and requires no user interaction, a single adjacent host (e.g., a compromised device on a poorly segmented management LAN) is sufficient; no public exploit code has been identified at time of analysis.
Remediation Apply the fixed builds published by Citrix in advisory CTX696604 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604); exact patched version numbers were not present in the supplied data, so confirm them directly from that advisory before scheduling the upgrade. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit network connectivity to all NetScaler NSIP, Cluster Management IP, and SNIP interfaces; document which have external or adjacent-network reachability. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-5777 HIGH POC
7.5 Jun 17

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o

CVE-2025-6543 CRITICAL POC
9.8 Jun 25

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2025-5349 HIGH POC
8.8 Jun 17

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthent

CVE-2023-4967 HIGH POC
7.5 Oct 27

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CV

CVE-2014-2881 CRITICAL
10.0 May 01

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix

CVE-2014-2882 CRITICAL
10.0 May 01

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler

CVE-2026-8452 HIGH
8.8 Jun 30

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated atta

CVE-2026-8655 HIGH
8.8 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that prod

CVE-2026-13474 HIGH
8.7 Jun 30

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive

CVE-2024-8534 HIGH
8.4 Nov 12

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appli

CVE-2023-3467 HIGH
8.0 Jul 19

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack co

Share

CVE-2026-10816 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy