CVE Citrix

Citrix Security Vulnerability CVE-2019-19781

The Cybersecurity and Infrastructure Security Agency (CISA) has released a utility that enables users and administrators to test whether their Citrix Application Delivery Controller (ADC) and Citrix Gateway software is susceptible to the CVE-2019-19781 vulnerability. According to Citrix Security Bulletin CTX267027, beginning on January 20, 2020, Citrix will be releasing new versions of Citrix ADC and Citrix Gateway that will patch CVE-2019-19781.

CISA strongly advises affected organizations to review CERT/CC’s Vulnerability Note VU#619785 and Citrix Security Bulletin CTX267027 and apply the mitigations until Citrix releases new versions of the software.

The above follows a recently discovered vulnerability in Citrix ADC (former Netscaler). Details of the CVE can be found at: ( There is no permanent fix yet but Citrix has published a workaround and estimated delivery of firmware patches: This CVE has been listed also in the National Vulnerability Database (NVD) of US NIST:

Details of the CVE can also be found at: and


About The Author