ADC
by Netscaler
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4368 | Hig | 0.50 | — | 0.04 | Mar 23, 2026 | Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup | ||
| CVE-2023-3519 | 0.28 | — | 0.99 | KEV | Jul 19, 2023 | Unauthenticated remote code execution | ||
| CVE-2025-5777 | 0.26 | — | 1.00 | KEV | Jun 17, 2025 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | ||
| CVE-2026-3055 | 0.22 | — | 0.84 | KEV | Mar 23, 2026 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread | ||
| CVE-2020-8193 | 0.20 | — | 0.88 | KEV | Jul 10, 2020 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. | ||
| CVE-2020-8195 | 0.18 | — | 0.33 | KEV | Jul 10, 2020 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | ||
| CVE-2020-8196 | 0.17 | — | 0.26 | KEV | Jul 10, 2020 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | ||
| CVE-2025-7775 | 0.13 | — | 0.19 | KEV | Aug 26, 2025 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler… | ||
| CVE-2025-6543 | 0.12 | — | 0.10 | KEV | Jun 25, 2025 | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | ||
| CVE-2020-8191 | 0.07 | — | 0.23 | Jul 10, 2020 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). | |||
| CVE-2020-8194 | 0.06 | — | 0.11 | Jul 10, 2020 | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. | |||
| CVE-2023-24487 | 0.03 | — | 0.01 | Jul 10, 2023 | Arbitrary file read in Citrix ADC and Citrix Gateway | |||
| CVE-2020-8300 | 0.01 | — | 0.03 | Jun 16, 2021 | Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or… | |||
| CVE-2025-7776 | 0.00 | — | 0.07 | Aug 26, 2025 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it | |||
| CVE-2025-5349 | 0.00 | — | 0.04 | Jun 17, 2025 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | |||
| CVE-2024-8535 | 0.00 | — | 0.00 | Nov 12, 2024 | Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the… | |||
| CVE-2024-8534 | 0.00 | — | 0.01 | Nov 12, 2024 | Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy… | |||
| CVE-2024-5492 | 0.00 | — | 0.01 | Jul 10, 2024 | Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway | |||
| CVE-2024-5491 | 0.00 | — | 0.01 | Jul 10, 2024 | Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler | |||
| CVE-2022-37719 | 0.00 | — | 0.00 | Jan 23, 2023 | A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. |
- risk 0.50cvss —epss 0.04
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
- risk 0.28cvss —epss 0.99
Unauthenticated remote code execution
- risk 0.26cvss —epss 1.00
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- risk 0.22cvss —epss 0.84
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
- risk 0.20cvss —epss 0.88
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints.
- risk 0.18cvss —epss 0.33
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
- risk 0.17cvss —epss 0.26
Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users.
- risk 0.13cvss —epss 0.19
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler…
- risk 0.12cvss —epss 0.10
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- CVE-2020-8191Jul 10, 2020risk 0.07cvss —epss 0.23
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
- CVE-2020-8194Jul 10, 2020risk 0.06cvss —epss 0.11
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
- CVE-2023-24487Jul 10, 2023risk 0.03cvss —epss 0.01
Arbitrary file read in Citrix ADC and Citrix Gateway
- CVE-2020-8300Jun 16, 2021risk 0.01cvss —epss 0.03
Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or…
- CVE-2025-7776Aug 26, 2025risk 0.00cvss —epss 0.07
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it
- CVE-2025-5349Jun 17, 2025risk 0.00cvss —epss 0.04
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
- CVE-2024-8535Nov 12, 2024risk 0.00cvss —epss 0.00
Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the…
- CVE-2024-8534Nov 12, 2024risk 0.00cvss —epss 0.01
Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy…
- CVE-2024-5492Jul 10, 2024risk 0.00cvss —epss 0.01
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
- CVE-2024-5491Jul 10, 2024risk 0.00cvss —epss 0.01
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
- CVE-2022-37719Jan 23, 2023risk 0.00cvss —epss 0.00
A Cross-Site Request Forgery (CSRF) in the management portal of JetNexus/EdgeNexus ADC 4.2.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.
Page 1 of 2