CVE-2026-7714 crocodilestick Calibre-Web-Automated Admin Endpoint cwa_functions.py missing authentication

A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwafunctions.py of the component Admin Endpoint. This manipulation causes missing authentication. It is possible to initiate the attack remotely. The...

PT-2026-36742

Name of the Vulnerable Software and Affected Versions crocodilestick Calibre-Web-Automated versions prior to 4.0.7 Description A flaw in the Admin Endpoint component, specifically within the cps/cwa functions.py file, allows for missing authentication. This issue enables a remote attacker to bypa...

CWA 2503 for MAC - Error “There is no Citrix SSL server configured on the specified address

Issue with a users who is unable to launch applications from Citrix Workspace for Mac. When trying to launch an application, the following error is displayed: “Failed to start. There is no Citrix SSL server configured on the specified address.” Issue only occurring for CWA Mac...

Users experiencing greyed out "Log Off" buttons on CWA LTSR 2203.1

Upgraded Workspace app for Windows from 2203.1 to 2402 CU2...

CWA for Windows (2409) crashes or no sound when playing audio with Adaptive Audio disabled

When Adaptive Audio is disabled, the following errors may be encountered. CWA Windows session will suddenly crash when playing audio CWA Window session will not have any audio playback sound...

Launch of Resources from CWA 2402,2403 or 2405 may fail if MSTeams Citrix plugin is installed

Affected versions : CWA release 2402, 2403 or 2405 When launching a published Desktop users are presented with a grey window momentarily. This then closes but shows connected in connection center Application launches will simply fail but the below error will be observed in the event logs In the...

Citrix Workspace App for Windows restarts after .NET upgrade

Citrix Workspace App Restart Issue: Mitigating .NET Runtime Upgrade Impact If the user endpoint updates the .NET Desktop Runtime, any .NET Core-based app running at the time of the update might exhibit inconsistent behavior. To mitigate this issue, Citrix Workspace App restarts itself. Behavior o...

Failed to open the resources after the upgrading CWA for Windows to 2409

After upgrading CWA Windows to 2409, if any PNAgent stores are configured e.g.,https://url/citrix/store/pnagent/config.xml , CWA shows an error message on refresh or sign-in stating, “To resolve this issue, contact your helpdesk with this information: Error while parsing.”...

Spinning wheel during store access for German users, after Storefront upgrade from 2402 to 2402 CU1

Issue: After upgrading Storefront from 2402 to 2402 CU1, German language users may experience a spinning wheel during store access. This does not apply when upgrading from earlier versions of StoreFront, such as from 2203 to 2402 CU1. Symptoms or Error: The developer tool shows Http 404 error for...

Cisco IOS XE Software for Wireless Controllers CWA Pre-Authentication ACL Bypass Vulnerability

A vulnerability in the Central Web Authentication CWA feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthenticated, adjacent attacker to bypass the pre-authentication access control list ACL, which could allow access to network resources before user authentication. Thi...

CWA Windows 24.3 error "Unable to connect to the server. Check your network connection and retry"

After upgrade from CWA 23.9.1.104 to CWA 24.3.1.97 users cannot login on CWA Windows with error "Unable to connect to the server. Check your network connection and retry." The URL used for CWA is for NetScaler Gateway and is set via GPO...

Performance issues with Intel GPUs and Citrix Workspace App

Customers using the Citrix Workspace App with Intel Arc GPUs and Intel GPU driver version 4824 could experience performance issues and lag The performance issues are present in Intel Arc A-series GPUs and Intel Core Ultra with built-in Arc GPUs, for example: Intel Arc A-Series Graphics Intel Arc...

GO-2024-3081 CWA-2024-006: wasmd non-deterministic module_query_safe query in github.com/CosmWasm/wasmd

CWA-2024-006: wasmd non-deterministic modulequerysafe query in github.com/CosmWasm/wasmd...

CWA-2024-005: Stackoverflow in wasmd

Component: wasmd Criticality: High ACMv1: I:Critical; L:Likely Patched versions: wasmd 0.53.0, 0.46.0 See CWA-2024-005 for more details...

CWA-2024-006: wasmd non-deterministic module_query_safe query

Component: wasmd Criticality: Medium ACMv1: I:Moderate; L:Likely Patched versions: wasmd 0.53.0 See CWA-2024-006 for more details...

Citrix ADC - EPA Scans failing after library upgrade for CWA version check

EPA libraries from Jan 18 OPSWAT version 4.3.3906.0 failing EPA checks for CWA version. If the EPA library version is downgraded to the Nov 2023 libraries OPSWATversion 4.3.3801.0, EPA check is working as expected...

CWA 2405: Application launch fails after upgrading to CWA 2405

After upgrading CWA to 2405 app launch may fail with "Internal error" or "Connection Timeout". The issue is seen more frequently while trying to launch multiple applications at the same time. The ICA file gets downloaded but after sometime, "Connection timeout" error is seen. Sometimes, the first...

CWA 2402 - Microsoft Teams VDI plugin is not shown for Non-Admin user

When installing Citrix Workspace app 2402 LTSR for Windows CWA or later version with Administrator privileges, all the three Add-ons single sign-on, App Protection, Microsoft Teams VDI plugin are shown. But if installing CWA 2402 with non-admin user, all the three Add-ons are not shown...

Published apps are not displaying content of local file when opened via FTA launcher of CWAforLinux

When opening local files using File Type Association FTA launcher of CWA Linux, the corresponding application launches fine, but with blank document instead of showing the content of the local file...

How to enable the picture copy/paste operations between CWA client and VDA

This article describes how to restrict the copy/paste operations between CWA client and VDA, only keeping the picture copy/paste enabled...