Netscaler Gateway

netscaler_gateway

Vendor: Citrix • 26 CVEs

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-3055 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Mar 31, 2026 Mar 23, 2026 9.3 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread
CVE-2025-7776 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Sep 3, 2025 Aug 26, 2025 8.8 HIGH· v4 9.8 CRITICAL· v3 N/A· v2 Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RD...Show more Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to itShow less
CVE-2025-7775 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Oct 24, 2025 Aug 26, 2025 9.2 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or A...Show more Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDXShow less
CVE-2025-6543 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Oct 24, 2025 Jun 25, 2025 9.2 CRITICAL· v4 9.8 CRITICAL· v3 N/A· v2 Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual ser...Show more Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual serverShow less
CVE-2025-5777 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Oct 30, 2025 Jun 17, 2025 9.3 CRITICAL· v4 7.5 HIGH· v3 N/A· v2 Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server
CVE-2025-5349 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Aug 6, 2025 Jun 17, 2025 8.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway
CVE-2024-8535 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Jul 25, 2025 Nov 12, 2024 5.8 MEDIUM· v4 8.1 HIGH· v3 N/A· v2 Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for K...Show more Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resourcesShow less
CVE-2024-8534 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Jul 25, 2025 Nov 12, 2024 8.4 HIGH· v4 8.1 HIGH· v3 N/A· v2 Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be...Show more Memory safety vulnerability leading to memory corruption and Denial of Service in NetScaler ADC and Gateway if the appliance must be configured as a Gateway (VPN Vserver) with RDP Feature enabled OR the appliance must be configured as a Gateway (VPN Vserver) and RDP Proxy Server Profile is created and set to Gateway (VPN Vserver) OR the appliance must be configured as a Auth Server (AAA Vserver) with RDP Feature enabledShow less
CVE-2024-5492 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Jul 25, 2025 Jul 10, 2024 5.1 MEDIUM· v4 6.1 MEDIUM· v3 N/A· v2 Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
CVE-2024-5491 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Jul 25, 2025 Jul 10, 2024 7.2 HIGH· v4 7.5 HIGH· v3 N/A· v2 Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
CVE-2023-6549 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Feb 26, 2026 Jan 17, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows Unauthenticated Denial of Service and Out-Of-Bounds Memory Read
CVE-2023-6548 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Oct 24, 2025 Jan 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) re...Show more Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform Authenticated (low privileged) remote code execution on Management Interface.Show less
CVE-2023-4967 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Nov 21, 2024 Oct 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Denial of Service in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA Virtual Server
CVE-2023-4966 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Oct 24, 2025 Oct 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.
CVE-2023-3467 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Nov 21, 2024 Jul 19, 2023 N/A· v4 8.0 HIGH· v3 N/A· v2 Privilege Escalation to root administrator (nsroot)
CVE-2023-3466 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Nov 21, 2024 Jul 19, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Reflected Cross-Site Scripting (XSS)
CVE-2023-3519 1Citrix 2Netscaler Application Delivery Controller Netscaler Gateway Oct 24, 2025 Jul 19, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Unauthenticated remote code execution
CVE-2021-22927 1Citrix 3Application Delivery Controller Firmware GatewayNetscaler Gateway Nov 21, 2024 Aug 5, 2021 N/A· v4 8.1 HIGH· v3 5.8 MEDIUM· v2 A session fixation vulnerability exists in Citrix ADC and Citrix Gateway 13.0-82.45 when configured SAML service provider that could allow an attacker to hijack a session.
CVE-2021-22919 1Citrix 4Application Delivery Controller Firmware GatewayNetscaler Gateway+1 more Nov 21, 2024 Aug 5, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO....Show more A vulnerability has been discovered in Citrix ADC (formerly known as NetScaler ADC) and Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk space on the appliances being fully consumed.Show less
CVE-2020-8300 1Citrix 3Application Delivery Controller Firmware GatewayNetscaler Gateway Nov 21, 2024 Jun 16, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing att...Show more Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.1-FIPS before 12.1-55.238 suffer from improper access control allowing SAML authentication hijack through a phishing attack to steal a valid user session. Note that Citrix ADC or Citrix Gateway must be configured as a SAML SP or a SAML IdP for this to be possible.Show less

12 Next