Netscaler Adc vulnerabilities

9 known vulnerabilities affecting netscaler/adc.

Total CVEs

9

CISA KEV

4

actively exploited

Public exploits

3

Exploited in wild

0

Severity breakdown

CRITICAL4HIGH4MEDIUM1

Vulnerabilities

Page 1 of 1

CVE-2026-3055CRITICALCVSS 9.3KEVPoC≥ 14.1, < 66.59≥ 13.1, < 62.23+1 more2026-03-23

CVE-2026-3055 [CRITICAL] CWE-125 CVE-2026-3055: Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP l Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread

CVE-2026-4368HIGHCVSS 7.7v14.1.66.542026-03-23

CVE-2026-4368 [HIGH] CVE-2026-4368: Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL V Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup

CVE-2025-12101MEDIUMCVSS 5.9PoC≥ 14.1, < 56.73≥ 13.1, < 60.32+2 more2025-11-11

CVE-2025-12101 [MEDIUM] CWE-79 CVE-2025-12101: Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured a Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVE-2025-7775CRITICALCVSS 9.2KEV≥ 14.1, < 47.48≥ 13.1, < 59.22+2 more2025-08-26

CVE-2025-7775 [CRITICAL] CWE-119 CVE-2025-7775: Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL

CVE-2025-8424HIGHCVSS 8.7≥ 14.1, < 47.48≥ 13.1, < 59.22+2 more2025-08-26

CVE-2025-8424 [HIGH] CWE-1284 CVE-2025-8424: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

CVE-2025-7776HIGHCVSS 8.8≥ 14.1, < 47.48≥ 13.1, < 59.22+2 more2025-08-26

CVE-2025-7776 [HIGH] CWE-119 CVE-2025-7776: Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service i Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it

CVE-2025-6543CRITICALCVSS 9.2KEV≥ 14.1, < 47.46≥ 13.1, < 59.19+1 more2025-06-25

CVE-2025-6543 [CRITICAL] CWE-119 CVE-2025-6543: Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVE-2025-5777CRITICALCVSS 9.3KEVPoC≥ 14.1, < 43.56≥ 13.1, < 58.322025-06-17

CVE-2025-5777 [CRITICAL] CWE-125 CVE-2025-5777: Insufficient input validation leading to memory overread when the NetScaler is configured as a Gatew Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server

CVE-2025-5349HIGHCVSS 8.7≥ 14.1, < 43.56≥ 13.1, < 58.322025-06-17

CVE-2025-5349 [HIGH] CWE-1284 CVE-2025-5349: Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway