
NetScaler ADC/Gateway arbitrary file read security flaw (CVE-2026-10816)

Vulnerability
H score 30
1 unique source, 1 article

Summary


Citrix's NetScaler ADC and NetScaler Gateway are affected by CVE-2026-10816, a flaw rated 7.7 that allows unauthenticated arbitrary file read when management access is enabled. The issue affects management-facing paths on NSIP, Cluster Management IP, or SNIP. Citrix has released fixes in 14.1-72.61 and 13.1-63.18 and later builds.

Related Happenings

CCB urgent patch warning for CVE-2026-41089 on Windows servers

Public Sector Action
H score 48 First: 01.06.2026 15:30 Last: 01.06.2026 15:30 Sources 1

About this happening: Belgium's **CCB** warned that **CVE-2026-41089** is being **actively exploited in the wild**, urging admins to **immediately patch** vulnerable **Windows servers** because the fla...

CISA KEV order for CVE-2026-3055 on Citrix appliances

Public Sector Action
H score 34 First: 31.03.2026 10:05 Last: 31.03.2026 10:05 Sources 1

About this happening: CISA added **CVE-2026-3055** to the **KEV Catalog** and ordered **FCEB agencies** to secure **Citrix NetScaler** appliances by **Thursday, April 2**, turning an **actively exploit...

Cloud Software Group NetScaler urgent remediation advisory

Advisory/Mitigation
H score 44 First: 25.03.2026 17:52 Last: 25.03.2026 17:52 Sources 1

About this happening: **Cloud Software Group** issued urgent remediation guidance for **NetScaler ADC** and **NetScaler Gateway**, telling affected customers to install updated versions as soon as poss...

NetScaler ADC and NetScaler Gateway out-of-bounds read security flaw (CVE-2026-3055)

Vulnerability
H score 38 First: 24.03.2026 17:15 Last: 24.03.2026 17:15 Sources 1

About this happening: A critical **out-of-bounds read** in **NetScaler ADC** and **NetScaler Gateway** can let an **unauthenticated remote attacker** leak **sensitive memory contents** from affected ap...

Citrix NetScaler reconnaissance scanning and version-enumeration campaign

Campaign
H score 29 First: 03.02.2026 22:25 Last: 03.02.2026 22:25 Sources 1

About this happening: A **Citrix NetScaler** reconnaissance campaign used **residential proxies** and **63,189 distinct IPs** between **January 28 and February 2** to map exposed login panels and EPA a...

Timeline

  1. 01.07.2026 06:54 2 articles · 2h ago

    Citrix releases fixes for NetScaler arbitrary file-read and DoS flaws

    Initial Disclosure

    Citrix released security updates for NetScaler ADC and NetScaler Gateway to address multiple vulnerabilities, including CVE-2026-10816, which can lead to unauthenticated arbitrary file read when access to NSIP, Cluster Management IP, or SNIP with management access is enabled. Fixed builds are available in NetScaler ADC and NetScaler Gateway 14.1-72.61 and later, 13.1-63.18 and later, and the related FIPS and NDcPP releases. Citrix said there is no evidence of in-the-wild exploitation. For CVE-2026-13474, customers are also advised to set Http2SmallWndTimeout to 30 seconds where needed.
