7.5

CVE-2026-10816

Medienbericht

Arbitrary File Read (Unauthenticated)

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CitrixNetscaler Application Delivery Controller SwEditionfips Version < 13.1-37.272
CitrixNetscaler Application Delivery Controller SwEditionndcpp Version < 13.1-37.272
CitrixNetscaler Application Delivery Controller SwEdition- Version >= 13.1 < 13.1-63.18
CitrixNetscaler Application Delivery Controller SwEdition- Version >= 14.1 < 14.1-72.61
CitrixNetscaler Application Delivery Controller Version14.1-66.68 SwEditionfips
CitrixNetScaler Gateway Version >= 13.1 < 13.1-63.18
CitrixNetScaler Gateway Version >= 14.1 < 14.1-72.61
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.333
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
50a63c94-1ea7-4568-8c11-eb79e7c5a2b5 7.1 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE-610 Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

CWE-73 External Control of File Name or Path

The product allows user input to control or influence paths or file names that are used in filesystem operations.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
01.07.2026 11:28
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
01.07.2026 06:58
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Vendor Advisory