NetScaler ADC/Gateway arbitrary file read security flaw (CVE-2026-10816)
Vulnerability
Summary
Citrix's NetScaler ADC and NetScaler Gateway are affected by CVE-2026-10816, a flaw rated 7.7 that allows unauthenticated arbitrary file read when management access is enabled. The issue affects management-facing paths on NSIP, Cluster Management IP, or SNIP. Citrix has released fixes in builds 14.1-72.61 and later and 13.1-63.18 and later.
Related Happenings
CCB urgent patch warning for CVE-2026-41089 on Windows servers
Public Sector Action
H score: 48
First: 01.06.2026 15:30
Last: 01.06.2026 15:30
Sources 1
About this happening:
Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...
CISA KEV order for CVE-2026-3055 on Citrix appliances
Public Sector Action
H score: 34
First: 31.03.2026 10:05
Last: 31.03.2026 10:05
Sources 1
About this happening:
CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...
Cloud Software Group NetScaler urgent remediation advisory
Advisory/Mitigation
H score: 44
First: 25.03.2026 17:52
Last: 25.03.2026 17:52
Sources 1
About this happening:
**Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...
NetScaler ADC and NetScaler Gateway out-of-bounds read security flaw (CVE-2026-3055)
Vulnerability
H score: 38
First: 24.03.2026 17:15
Last: 24.03.2026 17:15
Sources 1
About this happening:
A critical **out-of-bounds read** in **NetScaler ADC** and **NetScaler Gateway** can let an **unauthenticated remote attacker** leak **sensitive memory contents** from affected ap...
Citrix NetScaler reconnaissance scanning and version-enumeration campaign
Campaign
H score: 29
First: 03.02.2026 22:25
Last: 03.02.2026 22:25
Sources 1
About this happening:
A **Citrix NetScaler** reconnaissance campaign used **residential proxies** and **63,189 distinct IPs** between **January 28 and February 2** to map exposed login panels and EPA a...
Timeline
- 01.07.2026 06:54 · 2 articles
Citrix releases fixes for NetScaler arbitrary file-read and DoS flaws
Initial Disclosure
Citrix released security updates for NetScaler ADC and NetScaler Gateway to address multiple vulnerabilities, including CVE-2026-10816, which can lead to unauthenticated arbitrary file read when access to NSIP, Cluster Management IP, or SNIP with management access is enabled. Fixed builds are available in NetScaler ADC and NetScaler Gateway 14.1-72.61 and later, 13.1-63.18 and later, and the related FIPS and NDcPP releases. Citrix said there is no evidence of in-the-wild exploitation. For CVE-2026-13474, customers are also advised to set Http2SmallWndTimeout to 30 seconds where needed.
Sources:
- Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service — thehackernews.com — 01.07.2026 06:54
- Citrix Patches Six NetScaler Flaws Allowing File Read and Denial-of-Service — thehackernews.com — 01.07.2026 06:54