26 matches found
CVE-2024-5491
CVE-2024-5491 affects Citrix NetScaler ADC and NetScaler Gateway. The security bulletin CTX677944 details that the following ranges are vulnerable when using affected builds: NetScaler ADC/Gateway 14.1 before 14.1-25.53; 13.1 before 13.1-53.17; 13.0 before 13.0-92.31; 13.1-FIPS before 13.1-37.183...
CVE-2024-5492
CVE-2024-5492 is an open redirect vulnerability in Citrix NetScaler ADC and NetScaler Gateway (remote unauthenticated attacker) described in the CTX677944 advisory. Affected versions include NetScaler ADC/Gateway 14.1 before 14.1-25.53, 13.1 before 13.1-53.17, 13.0 before 13.0-92.31, 13.1-FIP...
CVE-2024-8534
Summary: CVE-2024-8534 is a memory safety vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause memory corruption and Denial of Service when the device is configured as a Gateway/VPN Vserver with RDP features enabled (or with an RDP Proxy Server Profile) or when the Auth Serv...
CVE-2023-3519
CVE-2023-3519 is an unauthenticated remote code execution vulnerability in Citrix NetScaler ADC/Gateway. Exploitation enables an attacker with network access to run arbitrary code, potentially deploy web shells and fully compromise affected systems. Public advisories and multiple connected documents describe a...
CVE-2023-4966
CVE-2023-4966 affects Citrix NetScaler ADC and NetScaler Gateway when configured as a Gateway or AAA virtual server. The issue stems from improper usage of snprintf/memory handling in the WebProc/auth pathways, causing memory disclosure via crafted responses and exposing sensitive data (e.g., aut...
CVE-2023-6549
CVE-2023-6549: A memory-buffer boundary violation in Citrix NetScaler ADC and NetScaler Gateway allows unauthenticated denial of service and an out-of-bounds memory read when the appliance is configured as a gateway or AAA virtual server. Affected versions include NetScaler ADC/Gateway 14.1 befo...
CVE-2025-7775
CVE-2025-7775 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The CVE affects deployments where the appliance is configured as a Gateway (VPN VServer, ICA Proxy, CVPN, RDP Proxy) or AAA VServer, and also affects LB virtual servers of type HTTP, SSL, or HTTP_QUIC ...
CVE-2023-6548
CVE-2023-6548 is a Code Injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway. The issue allows authenticated remote code execution on the management interface (NSIP/CLIP/SNIP) due to improper generation of code, affecting the management plane. Exploitation has been observed in th...
CVE-2025-5777
CVE-2025-6543 is a memory overflow vulnerability in Citrix NetScaler ADC and NetScaler Gateway that can cause unintended control flow and Denial of Service when the appliance is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. The Citrix security bulle...
CVE-2023-4967
CVE-2023-4967 affects Citrix NetScaler ADC and NetScaler Gateway. The issue is a Denial of Service when the appliance is configured as a Gateway (VPN/VPN-like services) or AAA virtual server. Connected documents confirm the vulnerability scope and link to Citrix advisory CTX579459, which details ...
CVE-2025-6543
CVE-2025-6543 affects Citrix NetScaler ADC and NetScaler Gateway. The vulnerability is a memory overflow in the WebProc/AAA gateway flow triggered when processing the Host header via the /nf/auth/startwebview.do path, causing uncontrolled memory access that can lead to a Denial of Service and uni...
CVE-2023-3467
Citrix CTX561482 documents CVE-2023-3467 as part of multiple vulnerabilities affecting NetScaler ADC/Gateway. It is a Privilege Escalation to root administrator (nsroot) vulnerability. Affected versions (per the bulletin) include NetScaler ADC/Gateway 13.1 before 13.1-49.13, 13.0 before 13.0-91.1...
CVE-2023-3466
CVE-2023-3466 is a reflected Cross-Site Scripting (XSS) vulnerability affecting Citrix NetScaler ADC and NetScaler Gateway. According to Citrix CTX561482, affected versions include NetScaler ADC/Gateway 13.1 before 13.1-49.13, 13.0 before 13.0-91.13, 13.1-FIPS before 13.1-37.159, 12.1-FIPS before...
CVE-2021-22919
CVE-2021-22919 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition appliances. The vulnerability could exhaust available disk space. Affected versions (per CTX319135) include WANOP: 10.2 before 10.2.9.b, 11.2 before 11.2.3.b, 11.3 before 11.3.2.a, 11.4 before 11.4.0.a; ADC/Gateway...
CVE-2018-5314
CVE-2018-5314 affects Citrix NetScaler ADC and NetScaler Gateway (11.0/11.1/12.0) and the NetScaler LB instance in SD-WAN/CloudBridge 9.3.0, allowing a remote attacker to execute system commands or read files via an SSH login prompt. Affected versions and fixes are documented in Citrix advisories...
CVE-2025-5349
The CVE-2025-5349 issue is an Improper Access Control vulnerability in the NetScaler Management Interface of Citrix NetScaler ADC and NetScaler Gateway. Connected sources specify that exploitation would allow unauthorized access to management interfaces via NSIP/Cluster Management IP/GSLB Site IP...
CVE-2021-22927
CVE-2021-22927 affects Citrix ADC and Citrix Gateway when configured as a SAML Service Provider. The vulnerability is a session fixation flaw that could allow an attacker to hijack a user session. Affected versions include Citrix ADC/Gateway 13.0 before 13.0-82.45 (and older 12.1/11.1 lines as li...
CVE-2015-3642
Technical details for CVE-2015-3642 are not publicly available in the provided documents; monitor for updates.
CVE-2024-8535
Affected products: Citrix NetScaler ADC and NetScaler Gateway. Vulnerability: Authenticated users can access unintended user capabilities when the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with Kerberos SSO using a KCDAccount, or as an Auth Server (AAA Vserver) wi...
CVE-2020-8300
CVE-2020-8300 affects Citrix ADC and Citrix NetScaler Gateway (multiple versions) and enables SAML authentication hijack via phishing to steal a valid user session when the appliance is configured as a SAML SP or IdP. Affected versions include 13.0-82.41, 12.1-62.23, 11.1-65.20 and 12.1-FIPS befo...
CVE-2020-8245
Citrix advisory CTX281474 details CVE-2020-8245 affecting Citrix ADC, Citrix Gateway, and related SD-WAN WANOP appliances. Root cause: HTML Injection due to improper input validation in the SSL VPN web portal. Impact: HTML content injection by an authenticated victim who must open an attacker-con...
CVE-2020-8246
Vulnerability summary (CVE-2020-8246): A DoS vulnerability in Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP is triggered by an attack originating from the management network. Affected versions include Citrix ADC and Gateway 13.0-64.35 and later, 12.1-58.15 and later, 12.1-FIPS 12.1-55.187 ...
CVE-2020-8299
CVE-2020-8299 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP Edition with a network-based DoS caused by uncontrolled resource consumption within the same Layer 2 segment. Affected versions listed in public disclosures include Citrix ADC/Gateway 13.0 before 13.0-76.29, 12.1 before 12....
CVE-2025-7776
CVE-2025-7776 is a memory overflow vulnerability in Citrix NetScaler ADC/NetScaler Gateway. Affected when Gateway or AAA Vservers are used and a PCoIP Profile is bound to the NetScaler, enabling memory corruption that leads to unpredictable behavior and Denial of Service. Remediation requires upg...
CVE-2020-8247
CVE-2020-8247 affects Citrix ADC, Citrix Gateway, and Citrix SD-WAN WANOP where the vulnerability resides in the management interface and allows escalation of privileges (CWE-269). Affected versions include Citrix ADC/Gateway 13.0-64.35+, 12.1-58.15+, 12.1-FIPS 12.1-55.187+, 11.1-65.12+, 11.2.1a+...
CVE-2026-3055
CVE-2026-3055 affects Citrix NetScaler ADC/NetScaler Gateway when configured as a SAML IDP, causing a memory overread due to insufficient input validation. Affected versions per Nessus plugin: NetScaler ADC/Gateway 14.1 prior to 14.1-66.59; 13.1 prior to 13.1-62.23; and 13.1-FIPS/NDcPP prior to 1...