Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Citrix ADC and Gateway Unauthenticated Remote Code Execution Vulnerability

Vulnerability

A vulnerability allowing unauthenticated remote arbitrary code execution has been identified in Citrix Application Delivery Controller (ADC) and Citrix Gateway. The issue arises when the appliance is configured as a SAML Service Provider or SAML Identity Provider, where an authentication bypass allows attackers to execute code with administrative privileges.

Impact

Exploitation of this vulnerability allows for unauthenticated remote code execution with administrative rights on the affected system.

Remediation

Users are advised to apply updates according to Citrix's vendor instructions. Details can be found in the Citrix ADC and Citrix Gateway Security Bulletin for CVE-2022-27518.

Added: May 15, 2026, 10:58 AM
Updated: May 15, 2026, 10:58 AM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 7.5
exploitability: 9.3
remediation: 0.0
relevance: 0.0
threat: 8.6
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.