Citrix Security Vulnerabilities (CVEs)
Track 37 security vulnerabilities affecting Citrix products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
A memory overflow vulnerability in NetScaler ADC and NetScaler Gateway allows remote attackers to execute arbitrary code or cause denial of service. A... (Aug 26, 2025)
A critical memory overflow vulnerability in NetScaler ADC and NetScaler Gateway allows attackers to manipulate control flow and cause denial of servic... (Jun 25, 2025)
CVE-2025-0320 is a local privilege escalation vulnerability in Citrix Secure Access Client for Windows that allows authenticated low-privileged users ... (Jun 17, 2025)
CVE-2025-5777 (CitrixBleed 2) is a memory disclosure vulnerability in Citrix NetScaler ADC and Gateway appliances. Insufficient input validation allow... (Jun 17, 2025)
CVE-2025-4365 is an arbitrary file read vulnerability in NetScaler Console and NetScaler SDX (SVM) that allows attackers to read sensitive files from ... (Jun 17, 2025)
This vulnerability in Citrix Secure Access Client for Mac allows attackers to gain application privileges, potentially enabling limited data modificat... (Feb 20, 2025)
This vulnerability allows authenticated users on NetScaler Console and NetScaler Agent to escalate their privileges to higher levels than intended. At... (Feb 20, 2025)
This vulnerability allows authenticated users on NetScaler ADC and NetScaler Gateway appliances to access unintended user capabilities when Kerberos S... (Nov 12, 2024)
This vulnerability allows authenticated Windows Active Directory users in the same domain as a Citrix Session Recording server to escalate privileges ... (Nov 12, 2024)
CVE-2024-7889 is a local privilege escalation vulnerability in Citrix Workspace app for Windows that allows authenticated low-privileged users to gain... (Sep 11, 2024)
This vulnerability allows local unauthenticated users with low privileges to bypass authorization controls in Citrix Workspace App when Citrix CEB is ... (Sep 10, 2024)
CVE-2024-6677 is a privilege escalation vulnerability in uberAgent that allows authenticated users to gain elevated privileges on affected systems. Th... (Jul 12, 2024)
This vulnerability allows a low-privileged local user on Windows systems running Citrix Virtual Delivery Agent to escalate privileges to SYSTEM level.... (Jul 10, 2024)
CVE-2024-6286 is a local privilege escalation vulnerability in Citrix Workspace app for Windows that allows authenticated low-privileged users to gain... (Jul 10, 2024)
This vulnerability allows attackers to bypass GACS (Gateway Authentication and Control Service) policy configurations in Citrix Workspace app for HTML... (Jul 10, 2024)
This vulnerability in Citrix Provisioning allows non-admin users to temporarily disrupt target VM availability through improper authorization checks. ... (Jul 10, 2024)
CVE-2024-5491 is a Denial of Service vulnerability in NetScaler ADC and NetScaler Gateway appliances. Attackers can exploit this vulnerability to cras... (Jul 10, 2024)
CVE-2024-6235 is an authentication bypass vulnerability in NetScaler Console that allows unauthenticated attackers to access sensitive information. Th... (Jul 10, 2024)
CVE-2023-6549 is a memory buffer vulnerability in NetScaler ADC and NetScaler Gateway that allows unauthenticated attackers to cause denial of service... (Jan 17, 2024)
CVE-2023-4967 is a buffer overflow vulnerability in Citrix NetScaler ADC and Gateway that allows remote attackers to cause denial of service. It affec... (Oct 27, 2023)
CVE-2023-4966, known as Citrix Bleed, is a sensitive information disclosure vulnerability in NetScaler ADC and NetScaler Gateway when configured as a ... (Oct 10, 2023)
CVE-2023-3466 is a reflected cross-site scripting (XSS) vulnerability in Citrix ADC and Citrix Gateway that allows attackers to inject malicious scrip... (Jul 19, 2023)
CVE-2023-3519 is an unauthenticated remote code execution vulnerability in Citrix ADC and Citrix Gateway appliances. Attackers can exploit this withou... (Jul 19, 2023)
This vulnerability in Citrix Secure Access client for Ubuntu allows remote code execution when a user opens a malicious link and accepts prompts. It a... (Jul 11, 2023)
This vulnerability allows unauthenticated attackers to remotely compromise customer-managed ShareFile StorageZones Controllers. It affects organizatio... (Jul 10, 2023)
CVE-2023-24485 allows a standard Windows user to escalate privileges to SYSTEM level on computers running Citrix Workspace app. This vulnerability aff... (Feb 16, 2023)
CVE-2021-44519 is an authenticated directory traversal vulnerability in Citrix XenMobile Server that allows authenticated attackers to escape director... (Apr 19, 2022)
CVE-2021-44520 is an authenticated command injection vulnerability in Citrix XenMobile Server that allows authenticated attackers to execute arbitrary... (Apr 13, 2022)
This vulnerability allows local attackers to escalate privileges on Linux systems running Citrix Workspace App with App Protection enabled. An attacke... (Feb 9, 2022)
An unauthenticated denial of service vulnerability in Citrix ADC (formerly NetScaler) allows attackers to temporarily disrupt the Management GUI, Nitr... (Dec 7, 2021)
CVE-2021-22941 is an improper access control vulnerability in Citrix ShareFile storage zones controller that allows unauthenticated attackers to remot... (Sep 23, 2021)
This vulnerability allows a user on a Windows Virtual Delivery Agent (VDA) with Citrix Profile Management or its WMI Plugin installed to escalate priv... (Aug 5, 2021)
This vulnerability in Citrix ADC, Gateway, and SD-WAN WANOP appliances allows attackers to consume all available disk space through resource exhaustio... (Aug 5, 2021)
CVE-2021-22914 is an information disclosure vulnerability in Citrix Cloud Connector where sensitive authentication parameters are stored in plaintext ... (Jun 16, 2021)
This critical vulnerability allows unauthenticated attackers to remotely compromise Citrix ShareFile Storage Zones Controller systems. It affects all ... (May 27, 2021)
This vulnerability allows local attackers to escalate privileges on Windows systems running vulnerable versions of Citrix Gateway Plug-in. Attackers c... (Dec 14, 2020)
This vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on Citrix SD-WAN Center appliances. It affects orga... (Nov 16, 2020)
Why Monitor Citrix Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 37+ known vulnerabilities affecting Citrix products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Citrix packages in under 60 seconds. No agents required - completely agentless scanning that works across Citrix deployments.
Free vulnerability database: Access detailed information about every Citrix CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Citrix CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions