CVE-2022-27518

CRITICAL KEV

Citrix ADC and Gateway - Unauthenticated Remote Code Execution

Title source: manual
STIX 2.1

Exploitation Summary

CVE-2022-27518 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 13, 2022. EIP tracks 1 public exploit from researchers including dolby360.

AI-analyzed exploit summary This repository provides a proof-of-concept for CVE-2022-27518, demonstrating how to deploy a vulnerable Citrix CPX container and access its shell. It includes Docker commands to pull, run, and interact with the container.

Description

Unauthenticated remote arbitrary code execution

Exploits (1)

nomisec WORKING POC 2 stars
by dolby360 · poc
https://github.com/dolby360/CVE-2022-27518_POC

This repository provides a proof-of-concept for CVE-2022-27518, demonstrating how to deploy a vulnerable Citrix CPX container and access its shell. It includes Docker commands to pull, run, and interact with the container.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Citrix CPX Ingress Controller 13.0-58.30
No auth needed
Prerequisites: Docker installed · Internet access to pull the Docker image
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0693
EPSS Percentile 93.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2022-12-13
VulnCheck KEV 2022-12-13
InTheWild.io 2022-12-13
ENISA EUVD EUVD-2022-32019
CWE
CWE-664
Status published
Products (3)
citrix/application_delivery_controller_firmware 12.1 - 12.1-55.291 (2 CPE variants)
citrix/application_delivery_controller_firmware 12.1 - 12.1-65.25
citrix/gateway_firmware 12.1 - 12.1-65.25
Published Dec 13, 2022
KEV Added Dec 13, 2022
Tracked Since Feb 18, 2026