Skip to main content

Netscaler Application Delivery Controller

25 CVEs product

Monthly

CVE-2026-8655 HIGH PATCH NEWS This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Oracle Denial Of Service Buffer Overflow Netscaler Application Delivery Controller +1
NVD VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-8452 HIGH PATCH NEWS This Week

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Citrix Denial Of Service Buffer Overflow Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-8451 HIGH POC PATCH NEWS This Week

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable.

Citrix Information Disclosure Buffer Overflow Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB GitHub
CVSS 4.0
8.8
EPSS
0.5%
CVE-2026-13474 HIGH PATCH NEWS This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Denial Of Service Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-10817 MEDIUM PATCH NEWS This Month

Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.

Citrix Buffer Overflow Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
6.9
EPSS
0.4%
CVE-2026-10816 HIGH PATCH NEWS This Week

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. Exposure is gated by the management interface being reachable, which limits but does not eliminate risk given NetScaler's history of attacker targeting.

Citrix Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD VulDB
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-7776 HIGH CERT-EU This Month

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
8.8
EPSS
0.2%
CVE-2025-7775 CRITICAL KEV THREAT CERT-EU Act Now

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability enabling remote code execution and denial of service when configured as VPN, AAA, or load balancing virtual servers.

Denial Of Service Buffer Overflow RCE Citrix Netscaler Application Delivery Controller +1
NVD
CVSS 4.0
9.2
EPSS
6.6%
CVE-2025-6543 CRITICAL POC KEV EUVD KEV PATCH THREAT CERT-EU Emergency

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.

Citrix Denial Of Service Netscaler Gateway Netscaler Application Delivery Controller
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
Threat
5.0
CVE-2025-5777 HIGH POC KEV PATCH THREAT CERT-EU Act Now

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs.

Information Disclosure Citrix Memory Corruption Netscaler Gateway Netscaler Application Delivery Controller
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
69.8%
Threat
6.6
CVE-2025-5349 HIGH POC PATCH CERT-EU This Week

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthenticated attackers on the adjacent network to gain high-impact unauthorized access (confidentiality, integrity, and availability compromise) without requiring user interaction. This is a critical flaw affecting widely-deployed Citrix infrastructure used by enterprises for application delivery and remote access, with high CVSS 8.8 score reflecting the severity of direct control plane compromise.

Citrix Information Disclosure Netscaler Gateway Netscaler Application Delivery Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-8535 MEDIUM This Month

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
5.8
EPSS
0.4%
CVE-2024-8534 HIGH This Week

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Citrix Denial Of Service Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
8.4
EPSS
0.6%
CVE-2024-5492 MEDIUM This Month

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
5.1
EPSS
0.6%
CVE-2024-5491 HIGH This Week

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 4.0
7.2
EPSS
0.8%
CVE-2023-4967 HIGH POC This Week

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Citrix Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3467 HIGH This Week

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
8.0
EPSS
2.1%
CVE-2023-3466 MEDIUM This Month

Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
6.1
EPSS
3.0%
CVE-2018-5314 HIGH This Week

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Command Injection Netscaler Application Delivery Controller Netscaler Gateway +1
NVD
CVSS 3.0
7.5
EPSS
2.8%
CVE-2015-3642 MEDIUM This Month

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Oracle Information Disclosure Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2014-4347 MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware Netscaler Access Gateway Netscaler Application Delivery Controller Firmware +1
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2014-4346 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller Netscaler Access Gateway Firmware +1
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2014-2882 CRITICAL Act Now

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware Netscaler Application Delivery Controller Firmware Netscaler Access Gateway +1
NVD VulDB
CVSS 2.0
10.0
EPSS
0.2%
CVE-2014-2881 CRITICAL Act Now

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Java Netscaler Access Gateway Firmware Netscaler Application Delivery Controller Firmware +2
NVD VulDB
CVSS 2.0
10.0
EPSS
0.4%
CVE-2013-6011 HIGH This Week

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Firmware Netscaler Application Delivery Controller
NVD
CVSS 2.0
7.8
EPSS
0.6%
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway stems from multiple memory overflow conditions that produce unpredictable or erroneous behavior when the appliance is configured for specific DNS or load-balancing roles. Remote unauthenticated attackers can send crafted traffic to a vulnerable appliance to crash or destabilize it, with the CVSS 4.0 score of 8.8 driven primarily by high availability impact. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Oracle Denial Of Service +3
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Denial of service and memory corruption in Citrix NetScaler ADC and NetScaler Gateway allows remote unauthenticated attackers to trigger unpredictable or erroneous appliance behavior when the device is deployed as a Gateway (SSL VPN, ICA Proxy, CVPN, or RDP Proxy) or as an AAA virtual server. The CVSS 4.0 vector (AV:N/AC:L/PR:N/UI:N) indicates network-reachable, low-complexity exploitation with no authentication, and the high confidentiality impact suggests memory contents may be exposed alongside the DoS condition. There is no public exploit identified at time of analysis and the CVE is not on CISA KEV.

Citrix Denial Of Service Buffer Overflow +2
NVD VulDB
EPSS 1% CVSS 8.8
HIGH POC PATCH This Week

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable.

Citrix Information Disclosure Buffer Overflow +2
NVD VulDB GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Denial of service in Citrix NetScaler ADC and NetScaler Gateway allows remote attackers to crash or render unresponsive the appliance by sending malformed HTTP/2 requests, but only when HTTP/2 is enabled in the HTTP Profile and bound to an LB, CS, or VPN virtual server or service. The CVSS 4.0 score of 8.7 reflects high availability impact with no confidentiality or integrity loss, exploitable over the network without authentication or user interaction. There is no public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Citrix Denial Of Service Netscaler Application Delivery Controller +1
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Memory overread in Citrix NetScaler ADC and NetScaler Gateway exposes low-confidence partial memory contents to unauthenticated remote attackers when TCP TimeStamp processing is triggered against a misconfigured or specifically configured TCP Profile. The vulnerability is rooted in insufficient input validation (CWE-125) within the TCP TimeStamp handling code path, affecting virtual servers of type Load Balancer, Content Switching, and VPN, as well as configured services. No public exploit code has been identified and this CVE is not listed in the CISA KEV catalog at time of analysis, though the network-accessible, zero-privilege attack vector warrants prompt patching given NetScaler's broad enterprise deployment.

Citrix Buffer Overflow Information Disclosure +2
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Arbitrary file read in Citrix NetScaler ADC and NetScaler Gateway lets unauthenticated attackers on an adjacent network retrieve sensitive files from the appliance when the NSIP, Cluster Management IP, or a SNIP has management access enabled. The flaw (CWE-73, external control of file name or path) carries a CVSS 4.0 base score of 7.1 with high confidentiality impact, and no public exploit identified at time of analysis. Exposure is gated by the management interface being reachable, which limits but does not eliminate risk given NetScaler's history of attacker targeting.

Citrix Information Disclosure Netscaler Application Delivery Controller +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Month

Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Citrix +2
NVD
EPSS 7% CVSS 9.2
CRITICAL KEV THREAT Act Now

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability enabling remote code execution and denial of service when configured as VPN, AAA, or load balancing virtual servers.

Denial Of Service Buffer Overflow RCE +3
NVD
EPSS 2% 5.0 CVSS 9.8
CRITICAL POC KEV EUVD KEV PATCH THREAT Emergency

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution.

Citrix Denial Of Service Netscaler Gateway +1
NVD GitHub
EPSS 70% 6.6 CVSS 7.5
HIGH POC KEV PATCH THREAT Act Now

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs.

Information Disclosure Citrix Memory Corruption +2
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Improper access control vulnerability in NetScaler ADC and NetScaler Gateway management interfaces that allows unauthenticated attackers on the adjacent network to gain high-impact unauthorized access (confidentiality, integrity, and availability compromise) without requiring user interaction. This is a critical flaw affecting widely-deployed Citrix infrastructure used by enterprises for application delivery and remote access, with high CVSS 8.8 score reflecting the severity of direct control plane compromise.

Citrix Information Disclosure Netscaler Gateway +1
NVD GitHub
EPSS 0% CVSS 5.8
MEDIUM This Month

Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Citrix +2
NVD
EPSS 1% CVSS 8.4
HIGH This Week

Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Citrix Denial Of Service +2
NVD
EPSS 1% CVSS 5.1
MEDIUM This Month

Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Citrix Netscaler Application Delivery Controller +1
NVD
EPSS 1% CVSS 7.2
HIGH This Week

Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler. Rated high severity (CVSS 7.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Citrix +2
NVD
EPSS 2% CVSS 8.0
HIGH This Week

Privilege Escalation to root administrator (nsroot). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Netscaler Application Delivery Controller Netscaler Gateway
NVD
EPSS 3% CVSS 6.1
MEDIUM This Month

Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netscaler Application Delivery Controller Netscaler Gateway
NVD
EPSS 3% CVSS 7.5
HIGH This Week

Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Citrix Command Injection +3
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x before 9.3 Build 68.5, 10.0 through Build 78.6,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Citrix Oracle Information Disclosure +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware +3
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Citrix Netscaler Application Delivery Controller Firmware +3
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Netscaler Access Gateway Firmware +3
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in the Diffie-Hellman key agreement implementation in the management GUI Java applet in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Information Disclosure Java +4
NVD VulDB
EPSS 1% CVSS 7.8
HIGH This Week

Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Citrix Denial Of Service Netscaler Application Delivery Controller Firmware +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy