⚠ Actively exploited in ransomware campaigns
This vulnerability is on the CISA Known Exploited Vulnerabilities list and has been used in known ransomware attacks. CISA required action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.. Due date: 2023-11-08.

CVE-2023-4966CitrixBleed: Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix NetScaler

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer81 documents25 sources
Severity
7.5HIGHNVD
VulnCheck9.4
EPSS
94.3%
top 0.04%
CISA KEV
KEVRansomware
Added 2023-10-18
Due 2023-11-08
Exploit
Exploited in wild
Active exploitation observed
Affected products
6
Citrix Netscaler ADCCitrix Netscaler GatewayCitrix Netscaler Application Delivery Controller+3 more
Timeline
PublishedOct 10
KEV addedOct 18
KEV dueNov 8
Latest updateMar 28
CISA Required Action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages9 packages

CVEListV5citrix/netscaler_gateway14.18.50+2
NVDcitrix/netscaler_gateway13.013.0-92.19+2
CVEListV5citrix/netscaler_adc14.18.50+5

🔴Vulnerability Details

2
GHSA
GHSA-2g42-2pwg-93cj: Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)2023-10-10
VulnCheck
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability2023

💥Exploits & PoCs

3
Metasploit
Citrix ADC (NetScaler) Bleed Scanner
Nuclei
Citrix Bleed - Leaking Session Tokens
Nuclei
Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read

🔍Detection Rules

3
Suricata
ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)2023-10-29
Suricata
ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure Attempt (CVE-2023-4966)2023-10-29
Suricata
ET EXPLOIT Citrix ADC and NetScaler Gateway Information Disclosure - Successful Response (CVE-2023-4966)2023-10-29

📋Vendor Advisories

2
CISA
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability2023-10-18
Citrix
NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2023-4966 and CVE-2023-49672023-10-17

🕵️Threat Intelligence

68
Hackernews
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug2026-03-28
Bleepingcomputer
Citrix urges admins to patch NetScaler flaws as soon as possible2026-03-25
Hackernews
Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks2026-03-24
Rapid7
CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read2026-03-23
Hackernews
ThreatsDay Bulletin: FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish & More2026-03-19

📄Research Papers

1
arXiv
Efficacy of EPSS in High Severity CVEs found in KEV2024-11-04

💬Community

1
HackerOne
Out-Of-Bounds Memory Read on ███2024-06-18