Citrix XenServer vulnerabilities
228 known vulnerabilities affecting citrix/xenserver.
Total CVEs: 228
CISA KEV: 11 (actively exploited)
Public exploits: 23
Exploited in wild: 11
Severity breakdown: CRITICAL 42, HIGH 82, MEDIUM 93, LOW 11
Vulnerabilities
Page 7 of 12
CVE-2019-18225 [CRITICAL] [CVSS 9.8] Citrix Security Bulletin CTX261055
CVE References: CVE-2019-18225, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2020-8257 [CRITICAL] [CVSS 9.8] Citrix Security Bulletin CTX282684
CVE References: CVE-2020-8257, CVE-2020-8258, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2023-24483 [HIGH] [CVSS 7.8] CWE-269 Citrix Virtual Apps and Desktops Security Bulletin for CVE-2023-24483
CVE-2023-24483: Privilege Escalation to NT AUTHORITY\SYSTEM on the vulnerable VDA
Vulnerability Type: CWE-269: Improper Privilege Management
Pre-conditions: Local access to a Windows VDA as a standard Windows user
The vulnerability affects the following supported versions of Citrix Virtual Apps and Desktops: Current Release (CR) C

CVE-2022-21827 [HIGH] [CVSS 7.1] CWE-284 Citrix Gateway Plug-in for Windows Security Bulletin for CVE-2022-21827
CVE-2022-21827: Arbitrary corruption or deletion of files as SYSTEM
CWE: CWE-284: Improper Access Control
Pre-conditions: Local access to a machine that has the vulnerable plug-in installed
The following supported versions of Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) are affected by this vulnerabili

CVE-2005-3652 [HIGH] [CVSS 7.5] Citrix Security Bulletin CTX108354
CVE References: CVE-2005-3652, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2021-22956 [HIGH] [CVSS 7.5] MaxClient on Httpd
CVE References: CVE-2021-22956
Affected Products: Citrix ADC, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler Gateway, XenServer
Remediation:
To address this issue, a setting, 'maxclientForHttpdInternalService', has been introduced in the following versions:
• Citrix ADC and Citrix Gateway 13.1-4.43 and later releases of 13.1
• Citrix ADC and Citrix Gateway 13.0-83.27 and later releases of 13.0
• Citrix ADC and Citrix Gateway 12.1-63.22 and

CVE-2005-3134 [HIGH] [CVSS 7.5] Citrix Security Bulletin CTX107705
CVE References: CVE-2005-3134, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2021-44519 [HIGH] [CVSS 8.8] CWE-20 Citrix Endpoint Management (XenMobile Server) Security Bulletin for CVE-2021-44519, CVE-2021-44520, and CVE-2022-26151
CVE-2021-44519: Unauthorized access to the underlying OS
CWE: CWE-284: Improper Access Control
Pre-conditions: A XenMobile console user must have either an admin role or a custom role that has ‘Create Support Bundles’ enabled. These pe

CVE-2019-13608 [HIGH] [CVSS 7.5] [KEV] [PoC] CVE-2019-13608 - XML External Entity (XXE) Processing Vulnerability in Citrix StoreFront Server
Description of Problem: An XML External Entity (XXE) processing vulnerability has been identified in Citrix StoreFront Server that could allow an unauthenticated attacker to retrieve potentially sensitive information from the server. This vulnerability has been assigned the following CVE number: •

CVE-2016-4810 [HIGH] [CVSS 7.5] Citrix Security Bulletin CTX213045
CVE References: CVE-2016-4810, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2016-6273 [HIGH] [CVSS 7.5] CVE-2016-6273 - Denial of Service Vulnerability in Citrix License Server
Description of Problem: A vulnerability has been identified in the Citrix License Server for Windows and Citrix License Server VPX that could allow a remote, unauthenticated attacker to crash the License Server. This vulnerability affects all versions of Citrix License Server for Windows and Citrix License Server VPX earlier than version 11.14

CVE-2015-7999 [HIGH] [CVSS 8.1] Citrix Security Bulletin CTX203787
CVE References: CVE-2015-7999, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2016-9028 [HIGH] [CVSS 8.8] Citrix Security Bulletin CTX218361
CVE References: CVE-2016-9028, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2008-5882 [HIGH] [CVSS 7.5] Vulnerability in Citrix Broadcast Server could result in SQL injection
Description of Problem: A vulnerability has been identified in the Web-based management interface of Citrix Broadcast Server, a component of the Citrix Application Gateway, that could result in arbitrary SQL query execution. This vulnerability affects the following products:
• Citrix Application Gateway – Broadcast Server (Cisco) up to and includi

CVE-2007-4017 [HIGH] [CVSS 7.6] Citrix Security Bulletin CTX113817
CVE References: CVE-2007-4017, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2007-0444 [HIGH] [CVSS 7.2] Citrix Security Bulletin CTX111686
CVE References: CVE-2007-0444, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2018-5314 [HIGH] [CVSS 7.5] Citrix Security Bulletin CTX232199
CVE References: CVE-2018-5314, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer

CVE-2024-12284 [HIGH] [CVSS 8.8] CWE-269 NetScaler Console and NetScaler Agent Security Bulletin for CVE-2024-12284
Description of Problem: A vulnerability has been discovered in NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. Refer to below for further details:
CVE References: CVE-2024-12284
Affected Products: NetScaler Agent, NetScaler Console, XenServer
Severity: High
CVSS Score: 8.8
Remediation:
Cloud Software Group strong

CVE-2021-22955 [HIGH] [CVSS 7.5] CWE-400 Citrix Application Delivery Controller and Citrix Gateway Edition appliance Security Update
CWE
CVE References: CVE-2021-22955, CVE-2021-22956
Affected Products: Citrix ADC, Citrix Application Delivery Controller, Citrix Gateway, Citrix SD-WAN WANOP, NetScaler ADC, NetScaler Gateway, SD-WAN, XenServer
Severity: Critical

CVE-2017-14602 [HIGH] [CVSS 7.2] Citrix Security Bulletin CTX227928
CVE References: CVE-2017-14602, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer