XenServer Security Update for Multiple Issues

Severity: High Description of Problem Several issues have been identified that affect XenServer 8.4. These are: An issue that may, in some circumstances, allow a malicious privileged user in a guest VM to compromise the host. This issue has the following identifier: CVE-2026-23558 An issue that m...

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368

Severity - Critical Description of Problem Vulnerabilities have been discovered in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway. Refer below for further details. Affected Versions: The following supported versions of NetScaler ADC and NetScaler Gateway are...

XenServer Security Update for CVE-2026-4397

Severity: Medium Description of Problem An issue has been identified in XenServer 8.4 which, when starting a VM on a host with limited available memory, may allow a privileged user in that newly starting VM to access memory data of a previously terminated VM. This issue has the following...

XenServer Security Update for CVE-2026-23554

Severity: High Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to compromise the host. This issue has the following identifier: CVE-2026-23554 Affected Versions This issue affects XenServer 8.4. Note that XenServer 9.0 is in Public...

XenServer Security Update for CVE-2025-58151 and CVE-2026-23553

Severity:Medium Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to become slow or unresponsive to management operations. This issue has the following identifier: CVE-2025-58151 A further issue has been identified ...

XenServer Security Update for CVE-2025-62626

Severity: Medium Description of Problem A hardware issue has been identified in AMD Zen 5 CPU devices that may cause those CPUs to return a value of zero more frequently than statistically expected when asked to generate a random value. This may compromise e.g. cryptographic keys that are generat...

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-12101

Severity - Medium Description of Problem A vulnerability has been discovered in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway. Refer below for further details. Affected Versions The following supported versions of NetScaler ADC and NetScaler Gateway are affected ...

XenServer Security Update for CVE-2025-58147 and CVE-2025-58148

Severity: High Description of Problem Several issues have been identified in XenServer 8.4 that may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-2025-58147 CVE-2025-58148 Affected Versions These issues affect XenServer 8.4...

XenServer Security Update for CVE-2025-27466, CVE-2025-58142, CVE-2025-58143 and CVE-2025-58146

Severity: High Description of Problem Several issues have been identified in XenServer 8.4 that collectively may allow privileged code in a guest VM to compromise or crash the host. These issues have the following identifiers: CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 CVE-2025-58146 Affected...

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424

Severity - Critical Description of Problem Multiple vulnerabilities have been discovered in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway. Refer below for further details. Affected Versions The following supported versions of NetScaler ADC and NetScaler Gateway a...

Windows Virtual Delivery Agent for CVAD and Citrix DaaS Security Bulletin CVE-2025-6759

Severity - High Description of Problem A vulnerability has been identified that impacts Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS. Affected Versions: The vulnerability affects the following supported versions of Windows Virtual Delivery Agent for...

XenServer Security Update for CVE-2024-36350 and CVE-2024-36357

Severity: Medium Description of Problem AMD has disclosed several security issues affecting AMD CPUs. These CPU hardware issues may allow code in a guest VM to infer some active memory content of another VM that is running on the same host. Although these are not vulnerabilities in the XenServer...

XenServer Security Update for CVE-2025-27465

Severity: Medium Description of Problem An issue has been identified in XenServer 8.4 that may allow privileged code in a guest VM to cause the host to crash or become unresponsive. This issue has the following identifier: CVE-2025-27465 Affected Versions This issue affects XenServer 8.4. Note th...

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-6543

Severity - Critical Description of Problem A vulnerability has been discovered in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway. Refer below for further details. Affected Versions The following supported versions of NetScaler ADC and NetScaler Gateway are affecte...

Citrix Workspace app for Windows Security Bulletin CVE-2025-4879

Severity - High Description of Problem A vulnerability has been discovered that impacts the Citrix Workspace app for Windows. Affected Versions The vulnerability affects the following supported versions of the Citrix Workspace app for Windows Current Release CR Citrix Workspace app for Windows...

Citrix Secure Access Client for Windows Security Bulletin for CVE-2025-0320

Severity - High Description of Problem A vulnerability has been discovered in the Citrix Secure Access Client for Windows. Refer to below for further details: Affected Versions The following supported versions of Citrix Secure Access Client for Windows are affected: Citrix Secure Access Client fo...

NetScaler Console and NetScaler SDX (SVM) Security Bulletin for CVE-2025-4365

Severity - Medium Description of Problem A vulnerability has been discovered in NetScaler Console formerly NetScaler ADM and NetScaler SDX SVM . Refer to below for further details: Affected Versions The following supported versions of NetScaler Console are affected: NetScaler Console 14.1 BEFORE...

NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2025-5349 and CVE-2025-5777

Severity - Critical Description of Problem A vulnerability has been discovered in NetScaler ADC formerly Citrix ADC and NetScaler Gateway formerly Citrix Gateway. Refer below for further details. Affected Versions The following supported versions of NetScaler ADC and NetScaler Gateway are affecte...

Linux VDA login fail

The newly installed LVDA encountered a login failure. When launching the virtual desktop, the Linux login screen appears, but even after manually entering the correct username and password, the system fails to authenticate and proceed to the desktop environment...

Slow initial page load when connecting to Storefront after upgrading to 2411/2503

After installing StoreFront 2411/2503, connections made to the landing page for a Storefront Store i.e. https://example.com/Citrix/XenAppWeb, users experience a 6 second delay before the logon page fully loads...

Newly published App-V applications are not visible to end users

After most recent upgrade of Web Studio users are not able to see newly published App-V packages/applications. This issue affects only newly published App-V applications...

NetScaler-13.1-Warning "is_whitelisted_request - Dropping invalid http request" in ns.log

You may see warning message like below in ns.log and would like to know why this log exists. Aug 12 16:50:25 X.X.X.X 08/12/2024:07:50:25 GMT XXX 0-PPE-2 : default SSLVPN Message 918225 0 :"iswhitelistedrequest - Dropping invalid http request:|/v1|"...

ADC-The hostname of Citrix ADC instance is not displayed in ADM

When we add ADC into ADM, the page of adding ADC to ADM may stuck at "Trying to connect XXX". If we open a new page to check ,we may notice that ADC is added to ADM , but the hostname is not displayed. And we may found the masinventory process is not running as no output is displayed for the...

NetScaler-13.1-Mastool version in Secondary node is showed as 0.0-0.0

Mastool version in Secondary node is showed as 0.0-0.0. The command to check mastool version in NetScaler is as below. shellcat /var/mastools/version.txt 0.0-0.0...

Problem with the memory dump on MPX

Platform details exec: show ns hardware Platform: NSMPX-8900 8CPU+32GB+4F1X+6E1K+1E1K+1COL 8955 30010 Manufactured on: 8/7/2021 CPU: 2100MHZ Host Id: xxxxxxxx Serial no: xxxxxxxx Encoded serial no: xxxxxxxxxx Netscaler UUID: xxxxxxxxxxxx BMC Revision: 4.61 Pasting ns.log.2 output for cleaner logs...

NetScaler-13.1-Error "Not logged in" is displayed in console or SSH session to NetScaler

You may see error "Not logged in" displayed in the console session to NetScaler and you are not able to run any commands in this console session. Similar issue may also happen with SSH session to NetScaler...

ADC-13.1-Rate limit gets hit unexpectedly when a rate limit identifier is used in different policies

When we invoke one rate limit identifier from different polices, the rate limit gets hit unexpectedly. The example config is as below: add stream selector IPURLSelector HTTP.REQ.URL CLIENT.IP.SRCadd ns limitIdentifier LIMITIPURL -threshold 3 -selectorName IPURLSelectoradd audit messageaction...

HTTPS access to NetScaler Console is failed after installing a new certificate

HTTPs access to NetScaler Console failed after installing a new certificate from GUI System -Administration -Install SSL Certificate in NetScaler Console...

Citrix Monitor: user logon time is really high due authentication time

When checking Citrix Director or DaaS Monitoring, on user's Logon Performance, we can see that the Average Logon Duration is high Checking in individual user's logon, Authentication time is really high for some users, what increases the average time...

NetScaler-13.1-How to limit the IP subnets to access LB vServer with responder policy in NetScaler?

How to allow only specified IP subnets to access LB virtual server with responder policy in NetScaler?...

Citrix DaaS: ICA Launch might fail because of Zone misconfiguration when Connectors are in LHC mode

Session Launch might fail because of Zone misconfiguration when Connectors are in LHC mode. The issue may occur if configured resources are in the Initial Zone. A Zone is equivalent to a resource location. When you create a resource location and install a Cloud Connector, a zone is automatically...

Netscaler-13.1-Security scanner reported "Cacheable SSL Page Found" for gateway virtual server

Security scanner reported "Cacheable SSL Page Found" for gateway virtual server. The detailed content reported by the scanner is as below: ------------------------------ The application has responded with a response that indicates the page should be cached, but cache controls aren't set you can...

Browser is prompted to install Citrix Workspace lite.

Receiving prompt to install Citrix Workspace lite when accessing store URL When accessing workspace we see that as Citrix workspace lite However, the installed app is Citrix Workspace app...

Citrix Director Infrastructure Monitoring - Incorrect IIS Certificate Validity status

When admin checks Storefront metrics in Citrix Director under Infrastructure Monitoring, incorrect IIS Certificate Validity status is displayed. All other metrics are displayed correctly. Example: StoreFront Details: Storefront is configured with correct certificate and a certificate chain is...

NetScaler: FQDN based service is Down

FQDN based service is not coming UP and showing Server State as DOWN The Monitor status might be "Domain name not resolved" But from CLI, if you tried to resolve the hostname it might show the response...

Citrix Director Infrastructure Monitoring – License Server Connection status is not available

When admin checks Delivery Controller data in Citrix Director - Infrastructure Monitoring, the license server related information is not available. All other metrics are displayed correctly. License Server is configured correctly and there are no issues with licenses. CVAD Site is functioning...

NetScaler 14.1 - STA server marked down

STA server status is Down on Gateway vserver though it is reachable from the NetScaler...

NetScaler Gateway-13.1-Launching ICA session got stuck with client authentication enabled

You may stuck at the ICA session launching process when you enable client authentication in Gateway virtual server...

DaaS - Change master image it fails with "ProvisioningTaskError"

Unable to update DaaS Machine Catalog - Access Machine Catalog "Change master image" it fails with "ProvisioningTaskError" ErrorMessage - HandleExplicitStorage Failed Error retrieving item from path ""...

NetScaler-How to return a customized error page when the LB is Out Of Service

How to return a customized error page when the LB is Out Of Service in NetScaler...

NetScaler-13.1-How to implement authorization policy for Oauth user groups

In Oauth response, the user groups can be carried in the response with customized field. However, we can't relate the string of group to the group attribute of the user. We may have question for how to apply authorization policy for Oauth user groups. In this example, the default authorization...

ADC-13.1-How to support multiple domain SSO to StoreFront with user "distinguishedName" attribute

How to support multiple domain SSO to StoreFront from NetScaler with user "distinguishedName" attribute...

Session Freeze Randomly During a Teams Video Call

A User's Session may freeze for around 5-10 Seconds while participating in a Teams call with multiple participants with Simulcast enabled. The session will show no issues after rejoining the call after the initial freeze...

NetScaler-13.1-How to remove the "Server" header in the response with rewrite policy

How to remove the "Server" header in the response which exposes the server type information...

NetScaler-13.1-EPA scan failed with "Error while parsing client security configuration"

EPA scan failed with "Error while parsing client security configuration" in EPA log. ---------------------------- 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | token: |^M 2025-02-19 09:03:50.706 | 21708 | DEBUG | D | PRE AUTH EPA | Policy MACADDRanyofF8BXXXXXX28A returned 2004 |^M...

After updating MCS Catalog no changes are made to the VMs in the catalog

MCS catalog can be updated with a new master image with no errors. Howver when the VMs are rebooted from the DAAS console the VMS are not updated with the new image...

SAML URL monitor to login.microsoftonline.com is down

Continuous error logs on the Netscaler dashboard as below "8699 77 PPE-0 DBSMonServiceBindinglogin.microsoftonline.com:443tcp-defaultvpndbssvc1339998057: DOWN; Last response: Failure - Time out during TCP connection establishment stage"...

FIDO2 Authentication Does Not Work With Webpages Opened Using Microsoft Edge

Users are not able to Authenticate to a website that requires FIDO2 Authentication using a Yubikey when using Edge on VDA Devices. The users are constantly prompted to select a Smartcard device. The same users are able to Authenticate onto the same website using Chrome or Firefox inside the same...

DaaS-Hosting-Failed to update the master image associated with the provisioning scheme.

While changing Master Image in AWS throwing an error "Failed to update the master image associated with the provisioning scheme." Export of error details: Transaction ID: xxxxxxxxxxxxxxxxx Action Name: MCUpdateMachineCatalog Exception: StudioErrorId : ProvisioningTaskError ErrorCategory :...

Citrix Session Printers are not mapped after logon

Unable to connect the printer from user end. Session printers are not mapped with following event in the Application event log: Event id: 1105 Cloud not add printer connection to printer \\, for the user username. Error condition is: The Printer name is invalid...