Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-10816

Summary
Assigner-NetScaler
Assigner Org ID-50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Published At-30 Jun, 2026 | 12:52
Updated At-30 Jun, 2026 | 13:28
Rejected At-
Credits

Arbitrary File Read (Unauthenticated)

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:NetScaler
Assigner Org ID:50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Published At:30 Jun, 2026 | 12:52
Updated At:30 Jun, 2026 | 13:28
Rejected At:
▼CVE Numbering Authority (CNA)
Arbitrary File Read (Unauthenticated)

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

Affected Products
Vendor
NetScaler (Cloud Software Group, Inc.)NetScaler
Product
ADC
Default Status
unaffected
Versions
Affected
  • From 14.1 before 72.61 (patch)
  • From 13.1 before 63.18 (patch)
  • From 14.1 FIPS before 72.61 (patch)
  • From 13.1 FIPS and NDcPP before 37.272 (patch)
Vendor
NetScaler (Cloud Software Group, Inc.)NetScaler
Product
Gateway
Default Status
unaffected
Versions
Affected
  • From 14.1 before 72.61 (patch)
  • From 13.1 before 63.18 (patch)
Problem Types
TypeCWE IDDescription
CWECWE-73CWE-73 External control of file name or path
Type: CWE
CWE ID: CWE-73
Description: CWE-73 External control of file name or path
Metrics
VersionBase scoreBase severityVector
4.07.1HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
N/A
Hyperlink: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Published At:30 Jun, 2026 | 13:17
Updated At:02 Jul, 2026 | 16:58

Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.07.1HIGH
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller>>Versions before 13.1-37.272(exclusive)
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:fips:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller>>Versions before 13.1-37.272(exclusive)
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:ndcpp:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller>>Versions from 13.1(inclusive) to 13.1-63.18(exclusive)
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller>>Versions from 14.1(inclusive) to 14.1-72.61(exclusive)
cpe:2.3:a:citrix:netscaler_application_delivery_controller:*:*:*:*:-:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_application_delivery_controller>>14.1-66.68
cpe:2.3:a:citrix:netscaler_application_delivery_controller:14.1-66.68:*:*:*:fips:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_gateway>>Versions from 13.1(inclusive) to 13.1-63.18(exclusive)
cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*
Citrix (Cloud Software Group, Inc.)
citrix
>>netscaler_gateway>>Versions from 14.1(inclusive) to 14.1-72.61(exclusive)
cpe:2.3:a:citrix:netscaler_gateway:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-73Secondary50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
CWE-610Primarynvd@nist.gov
CWE ID: CWE-73
Type: Secondary
Source: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
CWE ID: CWE-610
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX69660450a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Vendor Advisory
Hyperlink: https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696604
Source: 50a63c94-1ea7-4568-8c11-eb79e7c5a2b5
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

57Records found

CVE-2023-0045
Matching Score-4
Assigner-Google LLC
ShareView Details
Matching Score-4
Assigner-Google LLC
CVSS Score-4.7||MEDIUM
EPSS-2.40% / 81.99%
||
7 Day CHG~0.00%
Published-25 Apr, 2023 | 22:44
Updated-13 Feb, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect indirect branch prediction barrier in the Linux Kernel

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96

Action-Not Available
Vendor-Linux Kernel Organization, IncNetApp, Inc.Debian GNU/Linux
Product-active_iq_unified_managerh700sh410ch410s_firmwareh300sh500s_firmwarelinux_kernelh500sdebian_linuxh700s_firmwareh410c_firmwareh410sh300s_firmwareLinux Kernel
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2025-3419
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.59% / 43.85%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 05:22
Updated-08 Apr, 2026 | 17:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.26 - Unauthenticated Arbitrary File Read

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-47445 is a duplicate of this vulnerability.

Action-Not Available
Vendor-themewinterarraytics
Product-eventinEventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-3431
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.36% / 27.95%
||
7 Day CHG+0.02%
Published-08 Apr, 2025 | 07:29
Updated-08 Apr, 2026 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Unauthenticated Arbitrary File Download

The ZoomSounds - WordPress Wave Audio Player with Playlist plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 6.91 via the 'dzsap_download' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Action-Not Available
Vendor-digitalzoomstudioZoomIt
Product-zoomsoundsZoomSounds - WordPress Wave Audio Player with Playlist
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-3103
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.33% / 24.81%
||
7 Day CHG~0.00%
Published-19 Apr, 2025 | 04:21
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon <= 2.4 - Unauthenticated Arbitrary File Read

The CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin for WordPress is vulnerable to arbitrary file read due to insufficient file path validation in the 'history.php' file in all versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to read arbitrary files on the affected site's server, which may contain sensitive information including database credentials. The vulnerability was partially patched in version 2.4.

Action-Not Available
Vendor-LambertGroup
Product-CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon
CWE ID-CWE-73
External Control of File Name or Path
CVE-2025-2875
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-8.7||HIGH
EPSS-0.34% / 26.48%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 08:46
Updated-14 May, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CWE-610: Externally Controlled Reference to a Resource in Another Sphere vulnerability exists that could cause a loss of confidentiality when an unauthenticated attacker manipulates controller’s webserver URL to access resources.

Action-Not Available
Vendor-Schneider Electric SE
Product-Modicon Controllers M258 / LMC058Modicon Controllers M241 / M251
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2020-2504
Matching Score-4
Assigner-QNAP Systems, Inc.
ShareView Details
Matching Score-4
Assigner-QNAP Systems, Inc.
CVSS Score-5.8||MEDIUM
EPSS-1.02% / 59.10%
||
7 Day CHG~0.00%
Published-24 Dec, 2020 | 01:39
Updated-17 Sep, 2024 | 00:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Absolute path traversal vulnerability in QES

If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later.

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qesQES
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-20
Improper Input Validation
CVE-2019-25472
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.30% / 21.83%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:23
Updated-07 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IntelBras Telefone IP TIP200/200 LITE Arbitrary File Read via dumpConfigFile

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile() to read sensitive files including /etc/shadow and configuration files without proper authorization.

Action-Not Available
Vendor-Intelbras
Product-Telefone IP TIP 200 LITETelefone IP TIP 200
CWE ID-CWE-73
External Control of File Name or Path
  • Previous
  • 1
  • 2
  • Next
Details not found