CVE-2023-6549

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 5, 2026 4 articles

VulnLookup ↗ NVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

79.86%

probability

This CVE has a 79.86% probability of being exploited in the next 30 days.

0% Top 99.1th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-664 · Improper Control of a Resource Through its Lifetime

CISA pushes federal agencies to patch Citrix RCE within a week

BleepingComputer Jan 17, 2024

Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP!

TheHackerNews

Citrix warns of new Netscaler zero-days exploited in attacks

BleepingComputer Jan 16, 2024

Security Advisory 2024-010

CERT-EU Jul 18, 2024

Signal Intelligence

Confidenceⓘ

85%

EPSS 79.86%

Mentions 4

Last Seen Jul 18, 2024

CNA Information

Analyst Note

CVE-2023-6549 is explicitly named in Citrix's warning of 'new Netscaler zero-days exploited in attacks' (article [2]), confirming in-the-wild exploitation. The CVE was published in January 2024 and exploitation reports emerged simultaneously, meeting the zero-day criteria of exploitation before or concurrent with patch availability.

Threat Actors 6

Volt Typhoon

apt_group Information theft and espionage 🇨🇳 CN

ArcaneDoor

apt_group 🇨🇳 CN

APT42

apt_group Information theft and espionage 🇮🇷 IR

APT 22

apt_group Information theft and espionage 🇨🇳 CN

Red October

apt_group 🇷🇺 RU

Iron Group

apt_group Information theft and espionage 🇨🇳 CN

Triage Info

Decided atMar 05, 2026