CVE-2023-4966

CRITICAL · 9.4 · KEV · EPSS 100.0%
hype ACTIVE HACK · 92 hack

KEV-listed; near-perfect EPSS; active exploitation confirmed; posts conflate with newer variant but underlying vuln widely exploited.

What: Sensitive information disclosure in Citrix NetScaler ADC/Gateway (VPN, ICA Proxy, CVPN, RDP Proxy, AAA virtual servers) via pre-auth memory overread; CVSS 9.4 CRITICAL, EPSS 0.99999.

Why it matters: KEV-listed 2023-10-18; EPSS near-perfect exploitation likelihood; unauthenticated attackers can extract credentials and session data from memory without login. Active exploitation observed in wild since October 2023.

Where it's seen: Social posts reference "CitrixBleed" and a different CVE (CVE-2026-8451), suggesting confusion or misattribution; however, CVE-2023-4966 itself drove massive remediation waves and vendor patches in Q4 2023–Q1 2024.

RISK: CRITICAL — Pre-auth memory leak enabling credential theft; thousands of internet-facing NetScalers vulnerable; exploitation trivial.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/30/2026, 10:56:18 PM

Description

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

CVSS 3.1 breakdown

Exploitability 3.9 · Impact 5.5
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

  • Attack vector: Network
  • Complexity: Low
  • Privileges required: None
  • User interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: Low

Affected versions

  • citrix/netscaler_application_delivery_controller
    • 12.1 – < 12.1-55.300
    • 13.0 – < 13.0-92.19
    • 13.1 – < 13.1-37.164
    • 13.1 – < 13.1-49.15
    • 14.1 – < 14.1-8.50
  • citrix/netscaler_gateway
    • 13.0 – < 13.0-92.19
    • 13.1 – < 13.1-49.15
    • 14.1 – < 14.1-8.50

Weaknesses

Vendors

  • citrix

Products

  • netscaler_application_delivery_controller
  • netscaler_gateway