Citrix ADC SSLVPN Path Traversal (CVE-2019-19781) for 2026-03-04

Last Updated: 12:10 UTC

CVE-2019-19781 is a path traversal in the Citrix ADC SSLVPN component via /vpns/cfg/ that achieves unauthenticated RCE through a crafted smb.conf file. Despite its 2019 disclosure it continues to be scanned for and exploited years later, reflecting the long tail of unpatched appliances.

CVE References

CVE-2019-19781

MITRE ATT&CK

Tactic: Initial Access (TA0001)
Technique: T1190 — Exploit Public-Facing Application

Observed URIs

• /vpn/../vpns/cfg/smb.conf

Attackers by Country

IP Address : ASN : City/Provider

• 198.167.197.194 : AS39287 ab stract : Sweden