CVE-2026-39425

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...

CVE-2026-39425

CVE-2026-39425 affects MaxKB (enterprise AI assistant). Versions 2.7.1 and earlier allow Stored XSS via unsanitized tags in the Application prologue, stored through /admin/api/workspace/{workspace_id}/application and rendered by the frontend via innerHTML, enabling persistent XSS and potential s...

PT-2026-32584

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting XSS vulnerability that allows authenticated users to inject arbitrary HTML and JavaScript into the Application prologue Opening Remarks field by wrapping malicious payloads in tags...

NetScaler Gateway - App launch failure Error: "Session reconnection timeout"

Users attempts to launch an application externally via NetScaler Gateway and observed the below error Application launch fails consistently and the behavior is same with both web browser and the Citrix Workspace Application...

CVE-2023-6588

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace application to access credentials when offline...

CVE-2023-2257

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" securi...

How to find projected release dates for new versions of workspace app.

How to find projected release dates for new versions of workspace app...

Cannot complete request when accessing HTTPS Storefront URL

When users access the storefront webpage they get an error saying "cannot complete request" on the detect workspace app / receiver web page...

Unable to Logon to Workspace Application externally, throws error "Unable to connect to the server"

Unable to connect to the server on Citrix workspace client when logging into it. It throws an error "unable to connect to the server". This happens on the Citrix Workspace app. However, when we use the workspace URL on the browser, then, we can authenticate successfully and also launch...

Unable to launch virtual application/desktop using Workspace app for HTML5

When launching a virtual application/desktop using the Citrix Workspace app for HTML5, there is a silent failure to launch...

Unable to Launch Applications or Desktops Using HTTPS URL via Workspace App for HTML5

When using StoreFront or Cloud Workspace with Workspace App for HTML5 through an HTTPS URL, applications and desktops cannot be started. One of the following error messages is displayed: “Cannot create a secure connection in this browser. Refer to the Citrix Knowledge Center article CTX134123.”...