Citrix and NetScaler CVE coverage for ADC, Gateway, remote access, virtualization, and application delivery exposure.
Vendor watch hub
The Citrixwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.
At a glance
Tracked
Active
Featured
Unique CVEs
Most recent entry
Mar 29, 2026, 7:00 PM
Feed refreshes daily · 5:15 a.m. Central
Sources·CISA KEV and NVD (product vendor coverage)
"Most recent entry" is the newest item the upstream feed has published — not our sync time.
Watch items
Showing the 20 most recent items, newest first. Each row links to the official advisory.
20 rows · sorted newest first
Operations viewCitrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread.
Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service.
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server.
Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain.
Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Known ransomware use: Known.
Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server.
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Known ransomware use: Known.
Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.
Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. Known ransomware use: Known.
Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.
Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. Known ransomware use: Known.
Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. Known ransomware use: Known.
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.
Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. Known ransomware use: Known.
Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives. Known ransomware use: Known.
| Alert | Exposure | Status | Published | Source |
|---|---|---|---|---|
Citrix NetScaler Out-of-Bounds Read VulnerabilityCitrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread. NetScaler | criticalCVE-2026-3055 Critical | active | Mar 29, 2026, 7:00 PM | CISA KEVOpen source |
Citrix NetScaler Memory Overflow VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service. NetScaler | criticalCVE-2025-7775 Critical | active | Aug 25, 2025, 7:00 PM | CISA KEVOpen source |
Citrix Session Recording Deserialization of Untrusted Data VulnerabilityCitrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server. Session Recording | criticalCVE-2024-8069 Critical | active | Aug 24, 2025, 7:00 PM | CISA KEVOpen source |
Citrix Session Recording Improper Privilege Management VulnerabilityCitrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain. Session Recording | criticalCVE-2024-8068 Critical | active | Aug 24, 2025, 7:00 PM | CISA KEVOpen source |
Citrix NetScaler ADC and Gateway Out-of-Bounds Read VulnerabilityCitrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. Known ransomware use: Known. NetScaler ADC and Gateway | criticalCVE-2025-5777 Critical | active | Jul 9, 2025, 7:00 PM | CISA KEVOpen source |
Citrix NetScaler ADC and Gateway Buffer Overflow VulnerabilityCitrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. NetScaler ADC and Gateway | criticalCVE-2025-6543 Critical | active | Jun 29, 2025, 7:00 PM | CISA KEVOpen source |
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. NetScaler ADC and NetScaler Gateway | criticalCVE-2023-6549 Critical | active | Jan 16, 2024, 6:00 PM | CISA KEVOpen source |
Citrix NetScaler ADC and NetScaler Gateway Code Injection VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. NetScaler ADC and NetScaler Gateway | criticalCVE-2023-6548 Critical | active | Jan 16, 2024, 6:00 PM | CISA KEVOpen source |
Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. Known ransomware use: Known. NetScaler ADC and NetScaler Gateway | criticalCVE-2023-4966 Critical | active | Oct 17, 2023, 7:00 PM | CISA KEVOpen source |
Citrix Content Collaboration ShareFile Improper Access Control VulnerabilityCitrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. Content Collaboration | criticalCVE-2023-24489 Critical | active | Aug 15, 2023, 7:00 PM | CISA KEVOpen source |
Citrix NetScaler ADC and NetScaler Gateway Code Injection VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. Known ransomware use: Known. NetScaler ADC and NetScaler Gateway | criticalCVE-2023-3519 Critical | active | Jul 18, 2023, 7:00 PM | CISA KEVOpen source |
Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass VulnerabilityCitrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator. Application Delivery Controller (ADC) and Gateway | criticalCVE-2022-27518 Critical | active | Dec 12, 2022, 6:00 PM | CISA KEVOpen source |
Citrix SD-WAN and NetScaler Command Injection VulnerabilityAuthenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. SD-WAN and NetScaler | criticalCVE-2019-12991 Critical | active | Mar 24, 2022, 7:00 PM | CISA KEVOpen source |
Citrix SD-WAN and NetScaler SQL Injection VulnerabilityCitrix SD-WAN and NetScaler SD-WAN allow SQL Injection. SD-WAN and NetScaler | criticalCVE-2019-12989 Critical | active | Mar 24, 2022, 7:00 PM | CISA KEVOpen source |
Citrix ShareFile Improper Access Control VulnerabilityImproper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. Known ransomware use: Known. ShareFile | criticalCVE-2021-22941 Critical | active | Mar 24, 2022, 7:00 PM | CISA KEVOpen source |
Citrix StoreFront Server XML External Entity (XXE) Processing VulnerabilityCitrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. Known ransomware use: Known. StoreFront Server | criticalCVE-2019-13608 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass VulnerabilityCitrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation. Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | criticalCVE-2020-8193 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure VulnerabilityCitrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | criticalCVE-2020-8195 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution VulnerabilityCitrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. Known ransomware use: Known. Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | criticalCVE-2019-19781 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
Citrix Workspace Application and Receiver for Windows Remote Code Execution VulnerabilityCitrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives. Known ransomware use: Known. Workspace Application and Receiver for Windows | criticalCVE-2019-11634 Critical | active | Nov 2, 2021, 7:00 PM | CISA KEVOpen source |
ITECS response pathways
These pathways connect the vendor watch feed into service-owner resources that already carry commercial authority.
Use the cybersecurity services pathway when this vendor alert needs an ITECS-managed response plan.
Connect the vendor watch page to broader managed detection, response, and governance planning.
Translate current watch items into a faster risk snapshot and prioritized remediation plan.
Return to the hub for cross-vendor prioritization, live filtering, and broader MSP threat context.
Vendor watch FAQ
It is the Citrix-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.
Use it to confirm whether current Citrix issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.
Yes. ITECS can help map Citrix advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.