452 CVEs

24 in CISA KEV

citrix Vulnerabilities

CVE security advisories and vulnerability history for citrix.

452

Total CVEs

Published

24

In CISA KEV

Exploited in the wild

60

Public exploits

With known exploit

7.1

Avg CVSS

2000–2026

Overview

citrix has 452 published CVE records since 2000, of which 24 are in CISA's Known Exploited Vulnerabilities catalog and 60 have a known public exploit. The average CVSS base score across scored CVEs is 7.1.

This page aggregates every publicly disclosed vulnerability (CVE) affecting citrix products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of citrix's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical19

High52

Medium58

Low0

323 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

24

24 of citrix's CVEs are confirmed exploited in the wild.

Public exploits

60

60 of citrix's CVEs have a known public exploit available.

Most affected products

The citrix products with the most published CVEs.

hypervisor62 CVEs
vsphere59 CVEs
enterprise linux kernel-based virtual machine57 CVEs
xenserver51 CVEs
netscaler gateway43 CVEs
virtual gpu41 CVEs
linux kernel39 CVEs
xen37 CVEs

Common weakness types

The CWE weakness categories most often found in citrix CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish citrix CVE records.

Disclosure activity by year

How many citrix CVEs were published each year.

2019

23

2020

44

2021

33

2022

40

2023

31

2024

30

2025

13

2026

1

Latest citrix CVEs

The most recently disclosed vulnerabilities affecting citrix.

Insufficient input validation leading to memory overread
CISA KEV
CWE-125
Critical · CVSS 9.3
EPSS 89.9%2026-03-23
Improper access control on the NetScaler Management Interface
CWE-1284
High · CVSS 8.7
EPSS 0.4%2025-08-26
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service
CWE-119
High · CVSS 8.8
EPSS 0.3%2025-08-26
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service
CISA KEV
CWE-119
Critical · CVSS 9.2
EPSS 7.8%2025-08-26
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
CWE-269
High · CVSS 7.3
EPSS 0.1%2025-07-08
Memory overflow vulnerability leading to unintended control flow and Denial of Service
CISA KEV
CWE-119
Critical · CVSS 9.2
EPSS 1.1%2025-06-25
Citrix Secure Access - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
CWE-269
High · CVSS 8.6
EPSS 0.1%2025-06-17
Citrix Workspace App for Windows - Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
CWE-269
High · CVSS 7.3
EPSS 0.1%2025-06-17
NetScaler Console and NetScaler SDX (SVM) - Arbitrary file read
CWE-1284
Medium · CVSS 6.9
EPSS 0.5%2025-06-17
NetScaler ADC and NetScaler Gateway - Improper access control on the NetScaler Management Interface
CWE-1284
High · CVSS 8.7
EPSS 0.9%2025-06-17
NetScaler ADC and NetScaler Gateway - Insufficient input validation leading to memory overread
CISA KEV
CWE-125
Critical · CVSS 9.3
EPSS 71.5%2025-06-17
An attacker can gain application privileges in order to perform limited modification and/or read arbitrary data
CWE-427
Medium · CVSS 5.8
EPSS 0.1%2025-02-20

Track new citrix CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor citrix CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

Atlassian471 CVEs HackerOne470 CVEs Hewlett Packard Enterprise (HPE)450 CVEs mediawiki441 CVEs tensorflow433 CVEs cpanel429 CVEs Trend Micro423 CVEs qemu423 CVEs

Browse all vendors

Frequently asked questions

Common questions about citrix vulnerabilities.

How many CVEs does citrix have?

citrix has 452 published CVE records since 2000, including 14 in the last two years.

How many citrix CVEs are in CISA KEV?

Yes — 24 of citrix's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which citrix products have the most CVEs?

The citrix products with the most published CVEs are hypervisor, vsphere, enterprise linux kernel-based virtual machine, xenserver, netscaler gateway.

What are the most common weakness types in citrix CVEs?

citrix's CVEs most often map to these CWE weakness types: CWE-269 (Improper Privilege Management), CWE-284 (Improper Access Control), CWE-476 (NULL Pointer Dereference), CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer).

Are there public exploits for citrix vulnerabilities?

Yes — 60 of citrix's CVEs have a known public exploit.

How many critical citrix vulnerabilities are there?

citrix has 19 critical and 52 high-severity CVEs.

What is the average severity of citrix CVEs?

The average CVSS base score across citrix's scored CVEs is 7.1.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track citrix vulnerabilities

Monitor new citrix vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing