CVE-2023-4966

ENISA EUVD: EUVD-2023-54802 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 13 articles Published: 2023-10-10

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

94.33%

probability

This CVE has a 94.33% probability of being exploited in the next 30 days.

0% Top 100.0th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

9.4

CRITICAL

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Description

VulnerabilityLookup (CNA)

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA  virtual server.

Affected Products

Citrix

NetScaler ADC

14.1 13.1 13.0 13.1-FIPS 12.1-FIPS 12.1-NDcPP

Citrix

NetScaler Gateway

14.1 13.1 13.0

citrix

netscaler application delivery controller

citrix

netscaler gateway

Citrix

NetScaler Gateway

13.1 <49.15

Citrix

NetScaler ADC 

13.1 <49.15

Citrix

NetScaler ADC

12.1-FIPS <55.300

Citrix

NetScaler ADC

13.0 <92.19

Citrix

NetScaler ADC

13.1-FIPS <37.164

Citrix

NetScaler ADC 

12.1-NDcPP <55.300

Citrix

NetScaler Gateway

13.0 <92.19

Citrix

NetScaler ADC 

12.1-FIPS <55.300

Citrix

NetScaler ADC 

14.1 <8.50

Citrix

NetScaler ADC

14.1 <8.50

Citrix

NetScaler Gateway

14.1 <8.50

Citrix

NetScaler ADC

12.1-NDcPP <55.300

Citrix

NetScaler ADC 

13.0 <92.19

Citrix

NetScaler ADC 

13.1-FIPS <37.164

Citrix

NetScaler ADC

13.1 <49.15

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime

Exploits & PoC

Chocapikk/CVE-2023-4966

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)

79 2023-10-26

dinosn/citrix_cve-2023-4966

Citrix CVE-2023-4966 from assetnote modified for parallel and file handling

11 2023-10-25

RevoltSecurities/CVE-2023-4966

An Exploitation script developed to exploit the CVE-2023-4966 bleed citrix information disclosure vulnerability

10 2023-10-29

mlynchcogent/CVE-2023-4966-POC

Proof Of Concept for te NetScaler Vuln

8 2023-10-25

certat/citrix-logchecker

Parse citrix netscaler logs to check for signs of CVE-2023-4966 exploitation

5 2023-11-03

morganwdavis/overread

Simulates CVE-2023-4966 Citrix Bleed overread bug

2 2023-12-31

IceBreakerCode/CVE-2023-4966

1 2023-10-25

0xKayala/CVE-2023-4966

CVE-2023-4966 - NetScaler ADC and NetScaler Gateway Memory Leak Exploit

0 2023-10-28

s-bt/CVE-2023-4966

Scripts to get infos

0 2023-11-20

byte4RR4Y/CVE-2023-4966

Programm to exploit a range of ip adresses

0 2023-11-27

jmussmann/cve-2023-4966-iocs

Python script to search Citrix NetScaler logs for possible CVE-2023-4966 exploitation.

0 2023-12-09

LucasOneZ/CVE-2023-4966

0 2024-09-14

akshthejo/CVE-2023-4966-exploit

CVE-2023-4966-exploit

0 2025-01-17

vignesh-hp/LockBit-Ransomware-Analysis

Threat intelligence and incident response case study on LockBit ransomware exploiting CVE-2023-4966 (Citrix Bleed).

0 2026-02-25

14 repos — triés par ⭐ Rechercher sur GitHub ↗

https://support.citrix.com/article/CTX579459

http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html

Signal Intelligence

Confidenceⓘ

85%

EPSS 94.33%

CVSS v3.1 9.4

Mentions 13

Last Seen Mar 24, 2026

CNA Information

CNA Assigner

Citrix

CNA Title

Unauthenticated sensitive information disclosure

Analyst Note

CVE-2023-4966 was explicitly named by Citrix as a zero-day exploited in active attacks in October 2023, coinciding with the CVE publication date. The BleepingComputer article directly states 'Citrix warns of new Netscaler zero-days exploited in attacks,' confirming in-the-wild exploitation at or before patch availability.