CVE-2019-19781

CRITICALNVD 9.89.8—Trending — 4 sources updated this weekExploited in the wild

9.8

An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

CVSS v3: 9.8
EG Score: 9.8(high)
EPSS: 100.0%
KEV: ⚠ Exploited

Published

December 27, 2019

Last Modified

November 7, 2025

Advisory Details (7)

Auto-updated Jun 1, 2026

No patch confirmed yet. Sources: cert.

cert

VU#619785 - Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability

https://www.kb.cert.org/vuls/id/619785

generic

https://twitter.com/bad_packets/status/1215431625766424576

generic

Loading...

https://support.citrix.com/article/CTX267027

generic

Packet Storm

http://packetstormsecurity.com/files/155972/Citrix-ADC-Gateway-Path-Traversal.html

generic

Packet Storm

http://packetstormsecurity.com/files/155947/Citrix-ADC-NetScaler-Directory-Traversal-Remote-Code-Execution.html

generic

Packet Storm

http://packetstormsecurity.com/files/155905/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution-Traversal.html

generic

Packet Storm

http://packetstormsecurity.com/files/155904/Citrix-Application-Delivery-Controller-Gateway-Remote-Code-Execution.html

Weakness Classification(1)

MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.

CWE-22Path Traversal

Data Freshness Timeline

(refreshed 20× in last 7d / 20× in last 30d)

Every time one of our enrichment pipelines (NVD, MITRE cvelistV5, EPSS, CISA KEV, GHSA, OSV, vendor advisories) ran against this CVE. Most recent first.

2026-06-07 08:57 UTCEG score recompute
2026-06-07 08:57 UTCGHSA enrichment
2026-06-07 04:56 UTCEG score recompute
2026-06-07 04:56 UTCGHSA enrichment
2026-06-07 00:56 UTCEG score recompute
2026-06-07 00:56 UTCGHSA enrichment
2026-06-06 20:55 UTCEG score recompute
2026-06-06 20:55 UTCGHSA enrichment
2026-06-06 16:54 UTCEG score recompute
2026-06-06 16:54 UTCGHSA enrichment
2026-06-06 12:54 UTCEG score recompute
2026-06-06 12:54 UTCGHSA enrichment
2026-06-06 08:53 UTCEG score recompute
2026-06-06 08:53 UTCGHSA enrichment
2026-06-06 04:52 UTCEG score recompute
2026-06-06 04:52 UTCGHSA enrichment
2026-06-06 00:51 UTCEG score recompute
2026-06-06 00:51 UTCGHSA enrichment
2026-06-05 22:43 UTCkev_newly_listed
2026-06-05 20:51 UTCEG score recompute

Publicly available exploits

(10 references)

Working exploit code is in the public domain (7 GitHub PoCs) (3 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.

GitHub PoCw4fz5uck5/CVE-2019-19781-CitrixRCE
First seen Jul 17, 2020
Citrix Unauthorized Remote Code Execution Attacker - CVE-2019-19781
Open source ↗
GitHub PoCmandiant/ioc-scanner-CVE-2019-19781
First seen Jan 21, 2020
Indicator of Compromise Scanner for CVE-2019-19781
Open source ↗
GitHub PoCcitrix/ioc-scanner-CVE-2019-19781
First seen Jan 21, 2020
Indicator of Compromise Scanner for CVE-2019-19781
Open source ↗
Exploit-DBEDB-47930
First seen Jan 16, 2020
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Open source ↗
Exploit-DBEDB-47913
First seen Jan 13, 2020
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
Open source ↗
GitHub PoCMalwareTech/CitrixHoneypot
First seen Jan 13, 2020
Detect and log CVE-2019-19781 scan and exploitation attempts.
Open source ↗
GitHub PoCaqhmal/CVE-2019-19781
First seen Jan 13, 2020
Automated script for Citrix ADC scanner (CVE-2019-19781) using hosts retrieved from Shodan API. You must have a Shodan account to use this script.
Open source ↗
Exploit-DBEDB-47901
First seen Jan 11, 2020
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
Open source ↗
GitHub PoCtrustedsec/cve-2019-19781
First seen Jan 11, 2020
This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.
Open source ↗
GitHub PoCmpgn/CVE-2019-19781
First seen Jan 11, 2020
CVE-2019-19781 - Remote Code Execution on Citrix ADC Netscaler exploit
Open source ↗

Frequently asked(6)

What is CVE-2019-19781?

CVE-2019-19781 is a critical vulnerability published on December 27, 2019. An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.

When was CVE-2019-19781 disclosed?

CVE-2019-19781 was first published in the National Vulnerability Database on December 27, 2019, with the most recent update on November 7, 2025. EchelonGraph re-ingests CVE updates from NVD on a 2-hour cycle, so this page reflects the latest published state.

Is CVE-2019-19781 actively exploited?

Yes. CISA added CVE-2019-19781 to the Known Exploited Vulnerabilities catalog on November 3, 2021, affecting Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance. KEV listing indicates confirmed exploitation in the wild; this CVE warrants immediate patching attention.

What is the CVSS score of CVE-2019-19781?

CVE-2019-19781 has a CVSS v3 base score of 9.8 (NVD).

Which products are affected by CVE-2019-19781?

CVE-2019-19781 affects Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance. The full affected-products list, including version ranges and fixed versions, is shown in the Affected Packages section of this page.

How do I remediate CVE-2019-19781?

Patch to the fixed version published by the affected vendor. Where vendor advisories exist for CVE-2019-19781, EchelonGraph cross-links them in the Vendor Advisories panel below — those typically contain the canonical remediation steps, fixed version numbers, and any vendor-specific mitigations.

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2019-19781

Explore →

Is Your Infrastructure Affected by CVE-2019-19781?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2019-19781

📅 Published

🔄 Last Modified

📋 Advisory Details (7)

VU#619785 - Citrix Application Delivery Controller, Citrix Gateway, and Citrix SD-WAN WANOP web server vulnerability

Loading...

Packet Storm

Packet Storm

Packet Storm

Packet Storm

Weakness Classification(1)

Data Freshness Timeline

Publicly available exploits

❓ Frequently asked(6)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2019-19781?

🔗 Related CVEs(same CWE)

Same CWE

Published

Last Modified

Advisory Details (7)

Frequently asked(6)

Related CVEs(same CWE)