This page lists publicly disclosed CVE vulnerabilities affecting citrix netscaler_sd-wan (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-12992 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6). | [email protected] | 8.8 | 48.94% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12991 KEV | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6). | [email protected] | 8.8 | 73.88% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12990 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. | [email protected] | 9.8 | 39.34% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12989 KEV | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. | [email protected] | 9.8 | 94.05% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12988 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of 6). | [email protected] | 9.8 | 39.54% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12987 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of 6). | [email protected] | 9.8 | 42.55% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12986 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 2 of 6). | [email protected] | 9.8 | 39.54% | 2019-07-16 | 2026-06-16 |
| CVE-2019-12985 | Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 1 of 6). | [email protected] | 9.8 | 39.54% | 2019-07-16 | 2026-06-16 |
| CVE-2019-11550 | Citrix SD-WAN 10.2.x before 10.2.1 and NetScaler SD-WAN 10.0.x before 10.0.7 have Improper Certificate Validation. | [email protected] | 5.9 | 0.58% | 2019-05-08 | 2026-06-16 |
| CVE-2018-17448 | An Incorrect Access Control issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | [email protected] | 9.8 | 2.20% | 2018-10-23 | 2026-06-16 |
| CVE-2018-17447 | An Information Exposure Through Log Files issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | [email protected] | 7.5 | 1.95% | 2018-10-23 | 2026-06-16 |
| CVE-2018-17446 | A SQL Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | [email protected] | 9.8 | 1.96% | 2018-10-23 | 2026-06-16 |
| CVE-2018-17445 | A Command Injection issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | [email protected] | 9.8 | 11.06% | 2018-10-23 | 2026-06-16 |
| CVE-2018-17444 | A Directory Traversal issue was discovered in Citrix SD-WAN 10.1.0 and NetScaler SD-WAN 9.3.x before 9.3.6 and 10.0.x before 10.0.4. | [email protected] | 7.5 | 3.58% | 2018-10-23 | 2026-06-16 |
| CVE-2018-5314 | Command injection vulnerability in Citrix NetScaler ADC and NetScaler Gateway 11.0 before build 70.16, 11.1 before build 55.13, and 12.0 before build 53.13; and the NetScaler Load Balancing instance distributed with NetScaler SD-WAN/CloudBridge 4000, 4100, 5000 and 5100 WAN Optimization Edition 9.3.0 allows remote attackers to execute a system command or read arbitrary files via an SSH login prompt. | [email protected] | 7.5 | 2.85% | 2018-03-01 | 2026-06-16 |
| CVE-2017-6316 KEV | Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISESSID. | [email protected] | 9.8 | 72.60% | 2017-07-20 | 2026-06-16 |