cvebase

NetScaler ADC vulnerabilities

15 known vulnerabilities affecting netscaler/adc.

Total CVEs: 15
CISA KEV: 4 (actively exploited)
Public exploits: 3
Exploited in wild: 4
Severity breakdown: CRITICAL 4, HIGH 9, MEDIUM 2

Vulnerabilities

CVE-2025-5777 | P1 | HIGH | CVSS 7.5 | KEV, PoC, Ransomware | ≥ 14.1, < 43.56; ≥ 13.1, < 58.32 | 2025-06-17
CWE-125. Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Source: nvd

CVE-2026-3055 | P1 | CRITICAL | CVSS 9.8 | KEV, PoC | ≥ 14.1, < 66.59; ≥ 13.1, < 62.23; +1 more | 2026-03-23
CWE-125. Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
Source: nvd

CVE-2025-7775 | P1 | CRITICAL | CVSS 9.8 | KEV | ≥ 14.1, < 47.48; ≥ 13.1, < 59.22; +2 more | 2025-08-26
CWE-119. Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL
Source: nvd

CVE-2025-6543 | P1 | CRITICAL | CVSS 9.8 | KEV | ≥ 14.1, < 47.46; ≥ 13.1, < 59.19; +1 more | 2025-06-25
CWE-119. Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Source: nvd

CVE-2025-12101 | P3 | MEDIUM | CVSS 5.9 | PoC | ≥ 14.1, < 56.73; ≥ 13.1, < 60.32; +2 more | 2025-11-11
CWE-79. Cross-Site Scripting (XSS) in NetScaler ADC and NetScaler Gateway when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
Source: nvd

CVE-2025-7776 | P2 | CRITICAL | CVSS 9.8 | ≥ 14.1, < 47.48; ≥ 13.1, < 59.22; +2 more | 2025-08-26
CWE-119. Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bound to it
Source: nvd

CVE-2025-5349 | P3 | HIGH | CVSS 8.8 | ≥ 14.1, < 43.56; ≥ 13.1, < 58.32 | 2025-06-17
CWE-1284. Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
Source: nvd

CVE-2025-8424 | P3 | HIGH | CVSS 8.7 | ≥ 14.1, < 47.48; ≥ 13.1, < 59.22; +2 more | 2025-08-26
CWE-1284. Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access
Source: nvd

CVE-2026-4368 | P3 | HIGH | CVSS 7.7 | v14.1.66.54 | 2026-03-23
CWE-362. Race Condition in NetScaler ADC and NetScaler Gateway when appliance is configured as Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server leading to User Session Mixup
Source: nvd

CVE-2026-8452 | P3 | HIGH | CVSS 8.8 | ≥ 14.1, < 72.61; ≥ 13.1, < 63.18; +2 more | 2026-06-30
CWE-119. Memory overflow vulnerability in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server
Source: nvd

CVE-2026-8655 | P3 | HIGH | CVSS 8.8 | ≥ 14.1, < 72.61; ≥ 13.1, < 63.18; +2 more | 2026-06-30
CWE-119. Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment
Source: nvd

CVE-2026-8451 | P3 | HIGH | CVSS 8.8 | ≥ 14.1, < 72.61; ≥ 13.1, < 63.18; +2 more | 2026-06-30
CWE-125. Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
Source: nvd

CVE-2026-13474 | P3 | HIGH | CVSS 8.7 | ≥ 14.1, < 72.61; ≥ 13.1, < 63.18; +2 more | 2026-06-30
CWE-401. Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
Source: nvd

CVE-2026-10817 | P4 | MEDIUM | CVSS 6.9 | ≥ 14.1, < 72.61; ≥ 13.1, < 63.18; +2 more | 2026-06-30
CWE-125. Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler
Source: nvd

CVE-2026-10816 | P4 | HIGH | CVSS 7.1 | ≥ 14.1, < 72.61; ≥ 13.1, < 63.18; +2 more | 2026-06-30
CWE-73. Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
Source: nvd