CVE Tools

Description

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

In plain language

AI Low urgency

CVE-2026-10816 is an unauthenticated weakness in ADC/Gateway that could let someone read sensitive system files, so you should update if your management interfaces (NSIP, Cluster Management IP, or SNIP with management access) are reachable.

Executive summary

Unauthenticated arbitrary file read (CWE-73) in NetScaler ADC and NetScaler Gateway via management interface access; an attacker can read files without needing an account, provided they can reach NSIP/Cluster Management IP or a management-enabled SNIP.

If affected, business impact
Sensitive configuration disclosureCredential and key exposure riskOperational disruptionFurther targeted attacks enabled

What to do now

  1. Check whether you expose NetScaler ADC/Gateway management interfaces externally (NSIP, Cluster Management IP, and SNIP with management access enabled).
  2. If any are reachable from untrusted networks, prioritize upgrading NetScaler ADC/Gateway to the fixed releases: 72.61, 63.18, or 37.272.
  3. After upgrading, confirm the management interfaces are still configured as intended and restricted (limit access to approved admin networks only).
Usually a quick update

CVSS Vector Breakdown

AV:NAC:LPR:NUI:NS:UC:HI:NA:N
Exploitability
AV:NAttack Vector
Network
AC:LAttack Complexity
Low
PR:NPrivileges Required
None
UI:NUser Interaction
None
Scope
S:UScope
Unchanged
Impact
C:HConfidentiality
High
I:NIntegrity
None
A:NAvailability
None

Weaknesses

Affected Products

NetScaler
commercial·USaka citrix, netscaler gateway firmware, application delivery controller firmware, xenserver

Exploitability

Official Patch Available

References

2

Unlock Complete Vulnerability Intelligence

Get the full picture for CVE-2026-10816 and every CVE in our database. Create a free account — no credit card required.

Create Free Account
Plain-language analysis
Impact assessment and exploitation scenario in plain English
Attack graph visualization
Interactive attack path and kill chain mapping
Exploit details & PoC links
ExploitDB, Metasploit, GitHub PoCs with direct links
Nuclei scanner templates
Ready-to-use vulnerability scanner templates
Full remediation guide
Patch instructions, workarounds, and compliance impact
Interactive AI chat
Ask questions about this vulnerability in natural language
Related vulnerabilities
Semantically similar CVEs and attack patterns
REST API & MCP access
Integrate vulnerability data into your workflows