256
CVEs
54
Critical
99
High
15
KEV
51
PoC
123
Unpatched C/H
21.1%
Patch Rate
6.6%
Avg EPSS
Severity Breakdown
CRITICAL
54
HIGH
99
MEDIUM
99
LOW
4
Monthly CVE Trend
Affected Products (30)
Netscaler Gateway Firmware
30
Netscaler Application Delivery Controller Firmware
29
Netscaler Gateway
23
Netscaler Application Delivery Controller
23
Application Delivery Controller Firmware
21
Xenmobile Server
18
Sd Wan
18
Netscaler Sd Wan
15
Xenserver
13
Gateway Firmware
12
Workspace
12
Gateway
10
Sd Wan Wanop
9
Sharefile Storagezones Controller
8
Cloudportal Services Manager
8
Netscaler
7
Xendesktop
7
Debian Linux
6
Xenapp
6
Xen
6
Netscaler Access Gateway
6
Netscaler Access Gateway Firmware
6
Wireshark
6
Provisioning Services
6
Virtual Apps And Desktops
5
Cloudplatform
4
Netscaler Console
4
Cloudstack
4
Open Redirect
4
Application Delivery Management
4
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2017-6316 | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 87.8% | 207 |
KEV
PoC
No patch
|
| CVE-2025-5777 | Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory overread when configured as VPN or AAA virtual server. KEV-listed with EPSS 69.8% and public PoC, this vulnerability enables remote unauthenticated attackers to read sensitive data from the appliance's memory, potentially exposing session tokens, credentials, and encryption keys — similar to the Heartbleed class of memory disclosure bugs. | HIGH | 7.5 | 69.8% | 177 |
KEV
PoC
|
| CVE-2012-0217 | The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 88.0%. | HIGH | 7.2 | 88.0% | 159 |
PoC
No patch
|
| CVE-2017-17382 | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 78.3%. | MEDIUM | 5.9 | 78.3% | 128 |
PoC
No patch
|
| CVE-2025-6543 | Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended control flow and denial of service when configured as VPN or AAA virtual server. KEV-listed with public PoC, this vulnerability paired with CVE-2025-5777 (memory overread) indicates a systemic weakness in NetScaler's VPN request processing that enables both data theft and remote code execution. | CRITICAL | 9.8 | 2.0% | 121 |
KEV
PoC
|
| CVE-2026-3055 | An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a SAML Identity Provider, allowing attackers to trigger a memory overread condition. The vulnerability affects both the NetScaler ADC and NetScaler Gateway products across multiple versions, and successful exploitation could lead to information disclosure by reading adjacent memory contents. While no CVSS score or EPSS data is currently published, the CWE-125 classification (Out-of-bounds Read) combined with the SAML IDP configuration context suggests moderate to high real-world risk for organizations relying on these devices for identity management. | CRITICAL | 9.3 | 0.0% | 117 |
KEV
PoC
|
| CVE-2015-2682 | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 34.7%. | MEDIUM | 5.0 | 34.7% | 80 |
PoC
No patch
|
| CVE-2026-8451 | Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the appliance is configured as a SAML identity provider (IDP), enabling disclosure of sensitive in-memory data such as tokens, session material, or other process memory. The CVSS 4.0 score of 8.8 reflects network-reachable, unauthenticated exploitation (PR:N) with high confidentiality and availability impact; no public exploit identified at time of analysis and the issue is not listed in CISA KEV. The flaw belongs to the same class of NetScaler appliance vulnerabilities (e.g., Citrix Bleed-style memory disclosure) that have historically drawn aggressive exploitation, making prompt patching advisable. | HIGH | 8.8 | 0.5% | 70 |
PoC
|
| CVE-2018-10653 | There is an XML External Entity (XXE) Processing Vulnerability in Citrix XenMobile Server 10.8 before RP2 and 10.7 before RP3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 6.8% | 69 |
PoC
No patch
|
| CVE-2019-10883 | Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 65.5% | 69 |
PoC
No patch
|
| CVE-2019-12985 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 39.5% | 69 |
PoC
No patch
|
| CVE-2019-12986 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 39.5% | 69 |
PoC
No patch
|
| CVE-2019-12987 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 42.6% | 69 |
PoC
No patch
|
| CVE-2019-12988 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 39.5% | 69 |
PoC
No patch
|
| CVE-2019-12989 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. | CRITICAL | 9.8 | 94.0% | 69 |
KEV
PoC
No patch
|