Vendor scorecard
Citrix
Citrix security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: citrix
Product families
1
Open in latest
15
Inferred — see methodology
Last disclosure
Jun 30, 2026
01
Product categories
1 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| NetScaler ADC/GatewayApplication Delivery / ADC · Secure Remote Access / VPN · Zero-Trust / ZTNAnetscaler_application_delivery_controller, netscaler_gateway, netscaler_adc | 62 | 15 | 14.1-72.61HIGH |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-8655(opens NVD record) | Critical | 9.8 | Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursive resolver deployment | Jun 30, 2026 |
| CVE-2026-8452(opens NVD record) | Critical | 9.8 | Memory overflow vulnerability NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if the appliance is configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server | Jun 30, 2026 |
| CVE-2026-8451(opens NVD record) | High | 7.5 | Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP | Jun 30, 2026 |
| CVE-2026-13474(opens NVD record) | High | 7.5 | Denial of service via malformed HTTP/2 requests in NetScaler ADC and NetScaler Gateway if HTTP/2 is enabled in HTTP Profile and associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler | Jun 30, 2026 |
| CVE-2026-10817(opens NVD record) | High | 7.5 | Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server (of type LB, CS, VPN) or the service configured on NetScaler | Jun 30, 2026 |
| CVE-2026-10816(opens NVD record) | High | 7.5 | Arbitrary File Read (Unauthenticated) in NetScaler ADC and NetScaler Gateway if the access to NSIP, Cluster Management IP or SNIP with management access is enabled | Jun 30, 2026 |
| CVE-2026-3055(opens NVD record) | Critical | 9.8 | Insufficient input validation in NetScaler ADC and NetScaler Gateway when configured as a SAML IDP leading to memory overread | Mar 23, 2026 |
| CVE-2025-7776(opens NVD record) | Critical | 9.8 | Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it | Aug 26, 2025 |
| CVE-2025-7775(opens NVD record) | Critical | 9.8 | Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with IPv6 services or servicegroups bound with IPv6 servers (OR) NetScaler ADC and NetScaler Gateway 13.1, 14.1, 13.1-FIPS and NDcPP: LB virtual servers of type (HTTP, SSL or HTTP_QUIC) bound with DBS IPv6 services or servicegroups bound with IPv6 DBS servers (OR) CR virtual server with type HDX | Aug 26, 2025 |
| CVE-2025-6543(opens NVD record) | Critical | 9.8 | Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | Jun 25, 2025 |
| CVE-2025-5777(opens NVD record) | High | 7.5 | Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server | Jun 17, 2025 |
| CVE-2025-5349(opens NVD record) | High | 8.8 | Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway | Jun 17, 2025 |
37 CVEs · 1 product families