Description
Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
In plain language
AI Low urgencyCVE-2026-10816 is an unauthenticated weakness in ADC/Gateway that could let someone read sensitive system files, so you should update if your management interfaces (NSIP, Cluster Management IP, or SNIP with management access) are reachable.
Unauthenticated arbitrary file read (CWE-73) in NetScaler ADC and NetScaler Gateway via management interface access; an attacker can read files without needing an account, provided they can reach NSIP/Cluster Management IP or a management-enabled SNIP.
What to do now
- Check whether you expose NetScaler ADC/Gateway management interfaces externally (NSIP, Cluster Management IP, and SNIP with management access enabled).
- If any are reachable from untrusted networks, prioritize upgrading NetScaler ADC/Gateway to the fixed releases: 72.61, 63.18, or 37.272.
- After upgrading, confirm the management interfaces are still configured as intended and restricted (limit access to approved admin networks only).
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:HConfidentialityI:NIntegrityA:NAvailabilityWeaknesses
Affected Products
Exploitability
References
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2026-10816 and every CVE in our database. Create a free account — no credit card required.
Create Free Account