Citrix Netscaler Gateway vulnerabilities

CVE-2026-3055 [CRITICAL] CWE-125 CVE-2026-3055: Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

CVE-2025-7775 [CRITICAL] CWE-119 CVE-2025-7775: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL

CVE-2025-7776 [HIGH] CWE-119 CVE-2025-7776: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service i Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

CVE-2025-6543 [CRITICAL] CWE-119 CVE-2025-6543: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVE-2025-5777 [CRITICAL] CWE-125 CVE-2025-5777: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gatew Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVE-2025-5349 [HIGH] CWE-1284 CVE-2025-5349: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway

CVE-2024-8534 [HIGH] CWE-119 CVE-2024-8534: Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be

CVE-2024-8535 [MEDIUM] CWE-552 CVE-2024-8535: Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configura

CVE-2024-5491 [HIGH] CVE-2024-5491: Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler

CVE-2024-5492 [MEDIUM] CWE-601 CVE-2024-5492: Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway

CVE-2023-6549 [HIGH] CWE-119 CVE-2023-6549: Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScal Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read

CVE-2023-6548 [HIGH] CWE-94 CVE-2023-6548: Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway all Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.

CVE-2023-4967 [HIGH] CWE-119 CVE-2023-4967: Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual s Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server

CVE-2023-4966 [HIGH] CWE-119 CVE-2023-4966: Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CVE-2023-3467 [HIGH] CWE-269 CVE-2023-3467: Privilege Escalation to root administrator (nsroot) Privilege Escalation to root administrator (nsroot)

CVE-2023-3466 [MEDIUM] CWE-20 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 Pre-requisites CWE CVE-2023-3466 Citrix ADC, Citrix Gateway Reflected Cross-Site Scripting (XSS) Requires victim to access an attacker-controlled link in the browser while being on a network with connectivity to the NSIP CWE-20 CVE-2023-3467 Citrix ADC, Citrix Gateway Privileg

CVE-2021-22919 [HIGH] CWE-770 CVE-2021-22919: A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gatew A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.

CVE-2021-22927 [HIGH] CWE-384 CVE-2021-22927: A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.

CVE-2020-8300 [MEDIUM] CWE-284 CVE-2020-8300: Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12. Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to b

CVE-2020-8299 [MEDIUM] CWE-400 CVE-2020-8299: Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 1 Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 12.1-FIPS before 12.1-55.238, and Citrix SD-WAN WANOP Edition before 11.4.0, 11.3.2, 11.3.1a, 11.2.3a, 11.1.2c, 10.2.9a suffers from uncontrolled resource consumption by way of a network-based denial-of-service from within the same Layer 2 network segmen