PT-2026-5910

GreyNoise сообщает о детектировании скоординированной разведывательной кампании, нацеленной на инфраструктуру Citrix NetScaler, в которой задействовались десятки тысяч резидентных прокси-серверов для выявления панелей авторизации. Активность наблюдалась в период с 28 января по 2 февраля и также...

PT-2026-6087

Name of the Vulnerable Software and Affected Versions Citrix Emergency Sharing versions prior to SMR Feb-2026 Release 1 Description An improper access control issue exists in Emergency Sharing. This allows local attackers to interrupt the functionality of the service. Recommendations Update to SM...

📄 NetScaler 14.1 Vulnerability Scanner

This Metasploit module scans for vulnerable Citrix NetScaler ADC instances affected by the memory overflow noted in CVE-2025-6543. It identifies vulnerable versions through SNMP and SSH banner grabbing...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Citrix Netscaler_Application_Delivery_Controller

CTT-Citrix-RCE-v1.0---Convergent-Time-Theory-Enhanced-Exploit...

PT-2026-4277

Edge Crisis: CISA added two critical vulnerabilities to the Known Exploited Vulnerabilities catalog yesterday. CVE-2026-21809 and CVE-2026-21810 target Citrix Workspace and Ivanti Connect Secure. Federal agencies have until February 11 to remediate...

PT-2026-4276

Edge Crisis: CISA added two critical vulnerabilities to the Known Exploited Vulnerabilities catalog yesterday. CVE-2026-21809 and CVE-2026-21810 target Citrix Workspace and Ivanti Connect Secure. Federal agencies have until February 11 to remediate...

PT-2026-4337

CVE-2026-23916 - Citrix NetScaler Denial of Service CVE ID : CVE-2026-23916 Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-4333

CVE-2026-23912 - Citrix NetScaler Unvalidated Redirect CVE ID : CVE-2026-23912 Published : Jan. 20, 2026, 5:16 a.m. | 1 hour, 29 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE-2021-22956

An uncontrolled resource consumption vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 that could allow an attacker with access to NSIP or SNIP with management interface access to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

CVE-2021-22907

An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4...

CVE-2021-22928

A vulnerability has been identified in Citrix Virtual Apps and Desktops that could, if exploited, allow a user of a Windows VDA that has either Citrix Profile Management or Citrix Profile Management WMI Plugin installed to escalate their privilege level on that Windows VDA to SYSTEM...

CVE-2021-22919

A vulnerability has been discovered in Citrix ADC formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway, and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to the limited available disk...

CVE-2021-22955

A unauthenticated denial of service vulnerability exists in Citrix ADC 13.0-83.27, 12.1-63.22 and 11.1-65.23 when configured as a VPN Gateway or AAA virtual server could allow an attacker to cause a temporary disruption of the Management GUI, Nitro API, and RPC communication...

CVE-2021-22920

A vulnerability has been discovered in Citrix ADC formerly known as NetScaler ADC and Citrix Gateway formerly known as NetScaler Gateway, and Citrix SD-WAN WANOP Edition models 4000-WO, 4100-WO, 5000-WO, and 5100-WO. These vulnerabilities, if exploited, could lead to a phishing attack through a...

CVE-2022-26355

Citrix Federated Authentication Service FAS 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module TPM to incorrectly store that key in the Microsoft Software Key Storage Provider MSKSP. This issue only...

CVE-2022-26151

Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection...

CVE-2019-18225

An issue was discovered in Citrix Application Delivery Controller ADC and Gateway before 10.5 build 70.8, 11.x before 11.1 build 63.9, 12.0 before build 62.10, 12.1 before build 54.16, and 13.0 before build 41.28. An attacker with management-interface access can bypass authentication to obtain...

CVE-2019-18177

In certain Citrix products, information disclosure can be achieved by an authenticated VPN user when there is a configured SSL VPN endpoint. This affects Citrix ADC and Citrix Gateway 13.0-58.30 and later releases before the CTX276688 update...

CVE-2019-11345

Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center 10.0.x before 10.0.7 allow XSS...

CVE-2020-7473

In certain situations, all versions of Citrix ShareFile StorageZones aka storage zones Controller, including the most recent 5.10.x releases as of May 2020, allow unauthenticated attackers to access the documents and folders of ShareFile users. NOTE: unlike most CVEs, exploitability depends on th...