Unauthenticated remote code execution
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HCitrix Netscaler Application Delivery Controller
APPCitrix12.1 – 12.1-55.297 (bez)13.0 – 13.0-91.13 (bez)13.1 – 13.1-37.159 (bez)13.1 – 13.1-49.13 (bez)Citrix Netscaler Gateway
APPCitrix13.0 – 13.0-91.13 (bez)13.1 – 13.1-49.13 (bez)
CISA KEV — detailsi
- Vendori
- Citrix ↗
- Producti
- NetScaler ADC and NetScaler Gateway
- Added to KEVi
- July 19, 2023
- Remediation deadline (US Federal)i
- August 9, 2023(overdue)
- Ransomwarei
- Active ransomware campaigns exploit this vulnerability
Required action (CISA)i
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
CISA descriptioni
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.
🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
☠️WYKORZYSTYWANE W RANSOMWARE⏰CISA DEADLINE: 9 sierpnia 2023
Tags
RCE
Related vulnerabilities
CVE-2026-3055CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Citrix NetScaler ADC/Gateway — memory overread przez SAML IDP
CVE-2025-7775CRITICAL9.2⚠ KEVPL ✓ten sam produkt
Przepełnienie pamięci w Citrix NetScaler ADC i Gateway — RCE/DoS
CVE-2025-6543CRITICAL9.2⚠ KEVPL ✓ten sam produkt
Przepełnienie pamięci w Citrix NetScaler ADC i Gateway – RCE/DoS przez VPN
CVE-2025-5777CRITICAL9.3⚠ KEVPL ✓ten sam produkt
CitrixBleed 2 — memory overread w Citrix NetScaler ADC i Gateway
CVE-2023-4966CRITICAL9.4⚠ KEVten sam produkt
Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virt...