CVE-2019-19781

ENISA EUVD: EUVD-2019-9380
Exploited in the Wild · ✓ Confirmed 0-Day
Triaged: March 5, 2026 · 14 articles · Published: 2019-12-27

EPSS Score

Source: FIRST.org · 2026-05-23
94.47% probability
This CVE has a 94.47% probability of being exploited in the next 30 days.
Top 100.0th percentile of all CVEs

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)
9.8 CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

7.5 HIGH
Access Vector: Network
Access Complexity: Low
Authentication: None
Confidentiality: Partial
Integrity: Partial
Availability: Partial
AV:N/AC:L/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

Affected Products

n/a
n/a

Attack Intelligence

Exploits & PoC

trustedsec/cve-2019-19781

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

572 2020-01-22
projectzeroindia/CVE-2019-19781

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]

367 2020-01-18
mpgn/CVE-2019-19781

CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit

158 2021-01-24
MalwareTech/CitrixHoneypot

Detect and log CVE-2019-19781 scan and exploitation attempts.

120 2020-01-15
cisagov/check-cve-2019-19781

Test a host for susceptibility to CVE-2019-19781

109 2020-10-23
mandiant/ioc-scanner-CVE-2019-19781

Indicator of Compromise Scanner for CVE-2019-19781

94 2020-03-25
jas502n/CVE-2019-19781

Citrix ADC Remote Code Execution

84 2020-01-11
citrix/ioc-scanner-CVE-2019-19781

Indicator of Compromise Scanner for CVE-2019-19781

58 2020-03-25
aqhmal/CVE-2019-19781

Automated script for Citrix ADC scanner (CVE-2019-19781) using hosts retrieved from Shodan API. You must have a Shodan account to use this script.

11 2020-01-14
w4fz5uck5/CVE-2019-19781-CitrixRCE

Citrix Unauthorized Remote Code Execution Attacker - CVE-2019-19781

10 2023-09-12
ianxtianxt/CVE-2019-19781

Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]

7 2020-01-11
VladRico/CVE-2019-19781

Shitrix : CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit

7 2023-10-17
4 2020-01-11
onSec-fr/CVE-2019-19781-Forensic

Automated forensic script hunting for cve-2019-19781

3 2020-02-18
j81blog/ADC-19781

Check ADC for CVE-2019-19781

3 2020-02-02
3 2021-11-07
oways/CVE-2019-19781

CVE-2019-19781 Citrix RCE

2 2020-01-11
DanielWep/CVE-NetScalerFileSystemCheck

This script checks the Citrix Netscaler if it has been compromised by CVE-2019-19781 attacks and collects all file system information

2 2020-10-27
andripwn/CVE-2019-19781

Citrix ADC scanner (CVE-2019-19781) using hosts retrieved from Shodan API.

2 2020-07-27
redscan/CVE-2019-19781

CVE-2019-19781 Attack Triage Script

1 2020-01-17
r4ulcl/CVE-2019-19781

Python CVE-2019-19781 exploit

1 2020-01-28
nmanzi/webcvescanner

Gather a list of Citrix appliances in a country / state pair, and check if they're vulnerable to CVE-2019-19781

1 2020-03-08
Vulnmachines/Ctirix_RCE-CVE-2019-19781

Citrix ADC RCE cve-2019-19781

1 2022-07-26
becrevex/Citrix_CVE-2019-19781

Took a stab at an NSE discovery script for CVE-2019-19781.

0 2020-01-11
jamesjguthrie/Shitrix-CVE-2019-19781

My working exploit script for Shitrix (CVE-2019-19781)

0 2020-07-21
hollerith/CVE-2019-19781

Citrix Netscaler RCE

0 2020-01-13
mekhalleh/citrix_dir_traversal_rce

The exploitation module for the CVE-2019-19781 #Shitrix (Vulnerability in Citrix Application Delivery Controller and Citrix Gateway).

0 2020-01-18
zgelici/CVE-2019-19781-Checker

Check your website for the CVE-2019-19781 vulnerability

0 2020-01-15
digitalshadows/CVE-2019-19781_IOCs

IOCs for CVE-2019-19781

0 2020-01-15
awesome-security/citrixmash_scanner

A fast multi threaded scanner for Citrix ADC (NetScaler) CVE-2019-19781 - Citrixmash

0 2020-01-16
b510/CVE-2019-19781

For batch proof-of-concept use

0 2020-01-17
digitalgangst/massCitrix

Code developed for mass checking of the CVE-2019-19781 vulnerability on hosts discovered via Shodan. Pull requests are welcome.

0 2020-01-21
L4r1k/CitrixNetscalerAnalysis

Jupyter notebook to help automate some of the forensic analysis related to Citrix Netscalers compromised via CVE-2019-19781

0 2020-02-21
Azeemering/CVE-2019-19781-DFIR-Notes

My Citrix ADC NetScaler CVE-2019-19781 Vulnerability DFIR notes.

0 2023-05-09
0xams/citrixvulncheck

A script to look for the CVE-2019-19781 vulnerability within a domain and its subdomains

0 2020-01-30
EliusHHimel/citrix-honeypot

Citrix ADC (NetScaler) Honeypot. Supports detection for CVE-2019-19781 and login attempts

0 2020-01-23
Roshi99/Remote-Code-Execution-Exploit-for-Citrix-Application-Delivery-Controller-and-Citrix-Gateway-CVE-201

This document explains Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [CVE-2019-19781]

0 2020-05-12
qiong-qi/CVE-2019-19781-poc

Modified PoC, adapted for Python 3

0 2020-07-09
tpdlshdmlrkfmcla/CVE-2019-19781

RCE, Citrix ADC and Gateway Directory Traversal

0 2025-03-16
46 repos, sorted by ⭐

Signal Intelligence

Confidence 85%
EPSS 94.47%
CVSS v3.1 9.8
Mentions 14
Last Seen May 08, 2025

CNA Information

CNA Assigner: mitre

Analyst Note

CVE-2019-19781 is a critical directory traversal vulnerability in Citrix ADC/Gateway (CVSS 9.8), published 2019-12-27. CERT-EU issued a security advisory in early 2020 labeling it critical. The vulnerability was widely exploited in the wild shortly after disclosure, before patches were fully available across deployments. The rapid exploitation and critical severity align with zero-day characteristics, though the available article excerpts give only limited confirmation of the exact timing.

Threat Actors 12

APT 29 · apt_group · Information theft and espionage · 🇷🇺 RU
Cron · apt_group · 🇷🇺 RU
Kinsing · apt_group · 🇷🇺 RU
Tick · apt_group · Information theft and espionage · 🇨🇳 CN
APT3 · apt_group · Information theft and espionage · 🇨🇳 CN
TeamTNT · apt_group · 🇩🇪 DE
Cuboid Sandstorm · apt_group · 🇮🇷 IR
Tortoiseshell · apt_group · Information theft and espionage · 🇮🇷 IR
Gray Sandstorm · apt_group · 🇮🇷 IR
APT 6 · apt_group · Information theft and espionage · 🇨🇳 CN
Red October · apt_group · 🇷🇺 RU
Iron Group · apt_group · Information theft and espionage · 🇨🇳 CN

Triage Info

Decided at: Mar 05, 2026
Published Date: Dec 27, 2019