CVE-2026-10816 - Vulnerability Details - OpenCVE

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

No data.

References

Link	Providers
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604

History

Tue, 30 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 30 Jun 2026 13:15:00 +0000

Type	Values Removed	Values Added
Description		Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled
Title		Arbitrary File Read (Unauthenticated)
Weaknesses		CWE-73
References		https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Metrics		cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: NetScaler

Published: 2026-06-30T12:52:14.461Z

Updated: 2026-06-30T13:28:45.455Z

Reserved: 2026-06-04T05:48:47.634Z

Link: CVE-2026-10816

Vulnrichment

Updated: 2026-06-30T13:28:40.636Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10816", "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "state": "PUBLISHED", "assignerShortName": "NetScaler", "dateReserved": "2026-06-04T05:48:47.634Z", "datePublished": "2026-06-30T12:52:14.461Z", "dateUpdated": "2026-06-30T13:28:45.455Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "shortName": "NetScaler", "dateUpdated": "2026-06-30T12:59:25.926Z"}, "title": "Arbitrary File Read (Unauthenticated)", "datePublic": "2026-06-30T12:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-73", "description": "CWE-73 External control of file name or path", "type": "CWE"}]}], "affected": [{"vendor": "NetScaler", "product": "ADC", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}, {"status": "affected", "version": "14.1 FIPS", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1 FIPS and NDcPP", "lessThan": "37.272", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "NetScaler", "product": "Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Arbitrary File Read (Unauthenticated) in\u00a0NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<div><span>Arbitrary File Read (Unauthenticated) in </span><span>NetScaler ADC and NetScaler Gateway if the a</span><span>ccess to NSIP, Cluster Management IP or SNIP with management access is enabled</span><br></div>"}]}], "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "version": "4.0", "baseSeverity": "HIGH", "baseScore": 7.1, "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.2"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T13:28:37.909957Z", "id": "CVE-2026-10816", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:28:45.455Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-30T13:28:37.909957Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:28:40.636Z"}}], "cna": {"title": "Arbitrary File Read (Unauthenticated)", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7.1, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "NetScaler", "product": "ADC", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}, {"status": "affected", "version": "14.1 FIPS", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1 FIPS and NDcPP", "lessThan": "37.272", "versionType": "patch"}], "defaultStatus": "unaffected"}, {"vendor": "NetScaler", "product": "Gateway", "versions": [{"status": "affected", "version": "14.1", "lessThan": "72.61", "versionType": "patch"}, {"status": "affected", "version": "13.1", "lessThan": "63.18", "versionType": "patch"}], "defaultStatus": "unaffected"}], "datePublic": "2026-06-30T12:00:00.000Z", "references": [{"url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604"}], "x_generator": {"engine": "Vulnogram 1.0.2"}, "descriptions": [{"lang": "en", "value": "Arbitrary File Read (Unauthenticated) in\u00a0NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled", "supportingMedia": [{"type": "text/html", "value": "<div><span>Arbitrary File Read (Unauthenticated) in </span><span>NetScaler ADC and NetScaler Gateway if the a</span><span>ccess to NSIP, Cluster Management IP or SNIP with management access is enabled</span><br></div>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External control of file name or path"}]}], "providerMetadata": {"orgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "shortName": "NetScaler", "dateUpdated": "2026-06-30T12:59:25.926Z"}}}, "cveMetadata": {"cveId": "CVE-2026-10816", "state": "PUBLISHED", "dateUpdated": "2026-06-30T13:28:45.455Z", "dateReserved": "2026-06-04T05:48:47.634Z", "assignerOrgId": "50a63c94-1ea7-4568-8c11-eb79e7c5a2b5", "datePublished": "2026-06-30T12:52:14.461Z", "assignerShortName": "NetScaler"}, "dataVersion": "5.2"}