Netscaler
Products
10- 9 CVEs
- 7 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
22| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12989 | Cri | 0.86 | 9.8 | 0.94 | KEV | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. | |
| CVE-2025-5777 | Hig | 0.78 | 7.5 | 1.00 | KEV | Jun 17, 2025 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | |
| CVE-2019-12991 | Hig | 0.78 | 8.8 | 0.74 | KEV | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | |
| CVE-2025-6543 | Cri | 0.76 | 9.8 | 0.10 | KEV | Jun 25, 2025 | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | |
| CVE-2019-10883 | Cri | 0.69 | 9.8 | 0.65 | Jun 3, 2019 | Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection. | ||
| CVE-2019-12990 | Cri | 0.67 | 9.8 | 0.39 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | ||
| CVE-2019-12988 | Cri | 0.67 | 9.8 | 0.43 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | ||
| CVE-2019-12987 | Cri | 0.67 | 9.8 | 0.44 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | ||
| CVE-2019-12986 | Cri | 0.67 | 9.8 | 0.40 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | ||
| CVE-2019-12985 | Cri | 0.67 | 9.8 | 0.43 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | ||
| CVE-2019-12992 | Hig | 0.61 | 8.8 | 0.49 | Jul 16, 2019 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | ||
| CVE-2024-6235 | Hig | 0.59 | 8.8 | 0.21 | Jul 10, 2024 | Sensitive information disclosure in NetScaler Console | ||
| CVE-2024-12284 | Hig | 0.58 | 8.8 | 0.12 | Feb 20, 2025 | Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | ||
| CVE-2025-5349 | Hig | 0.57 | 8.8 | 0.04 | Jun 17, 2025 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | ||
| CVE-2026-4368 | Hig | 0.50 | — | 0.04 | Mar 23, 2026 | Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup | ||
| CVE-2025-4365 | Hig | 0.49 | 7.5 | 0.07 | Jun 17, 2025 | Arbitrary file read in NetScaler Console and NetScaler SDX (SVM) | ||
| CVE-2024-6236 | Hig | 0.49 | 7.5 | 0.01 | Jul 10, 2024 | Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX | ||
| CVE-2019-11345 | Med | 0.40 | 6.1 | 0.01 | Mar 10, 2020 | Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS. | ||
| CVE-2019-11550 | Med | 0.38 | 5.9 | 0.01 | May 8, 2019 | Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | ||
| CVE-2026-3055 | 0.22 | — | 0.84 | KEV | Mar 23, 2026 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread |
- risk 0.86cvss 9.8epss 0.94
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection.
- risk 0.78cvss 7.5epss 1.00
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- risk 0.78cvss 8.8epss 0.74
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
- risk 0.76cvss 9.8epss 0.10
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
- risk 0.69cvss 9.8epss 0.65
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow Command Injection.
- risk 0.67cvss 9.8epss 0.39
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
- risk 0.67cvss 9.8epss 0.43
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6).
- risk 0.67cvss 9.8epss 0.44
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6).
- risk 0.67cvss 9.8epss 0.40
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6).
- risk 0.67cvss 9.8epss 0.43
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6).
- risk 0.61cvss 8.8epss 0.49
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).
- risk 0.59cvss 8.8epss 0.21
Sensitive information disclosure in NetScaler Console
- risk 0.58cvss 8.8epss 0.12
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
- risk 0.57cvss 8.8epss 0.04
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
- risk 0.50cvss —epss 0.04
Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
- risk 0.49cvss 7.5epss 0.07
Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)
- risk 0.49cvss 7.5epss 0.01
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
- risk 0.40cvss 6.1epss 0.01
Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS.
- risk 0.38cvss 5.9epss 0.01
Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation.
- risk 0.22cvss —epss 0.84
Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread