Citrix NetScaler
Citrix · Network / Security
2/100 Critical · exploited
Summary
Plain-English security verdict for Citrix NetScaler, generated from its current health score, actively-exploited vulnerabilities, and latest supported version.
Citrix NetScaler currently scores 2/100 — critical, with active exploitation. 8 of its known vulnerabilities are being actively exploited in the wild (CISA KEV), including CVE-2023-4966. Upgrade immediately and review your exposure to the actively-exploited CVEs below.
Disclosure trend
New CVEs published for Citrix NetScaler each year (NVD). A higher bar means more disclosures that year — more scrutiny, not necessarily less safe.
[Bar chart: new CVEs per year, '19 through '26]
⚠ 3 of its known vulnerabilities are linked to ransomware campaigns (CISA KEV).
Patch priority — what to act on
The issues to fix first — actively exploited (CISA KEV) first, then by exploitation probability (EPSS), then severity. Each row's "→ fixed in" is the earliest version that patches it; "see advisory" means no fixed version is published.
Most urgent first — actively exploited, then likeliest to be exploited.
CVE-2023-4966 CRITICAL ● exploited ⚠ ransomware Memory corruption EPSS 94% → fixed in 14.1-8.50
CVE-2023-3519 CRITICAL ● exploited ⚠ ransomware Code injection EPSS 93% → fixed in 13.1-49.13
CVE-2026-3055 CRITICAL ● exploited Out-of-bounds read EPSS 90% → fixed in 14.1-60.58
CVE-2023-6549 HIGH ● exploited Memory corruption EPSS 80% → fixed in 14.1-12.35
CVE-2025-5777 HIGH ● exploited ⚠ ransomware Out-of-bounds read EPSS 65% → fixed in 14.1-43.56
CVE-2025-7775 CRITICAL ● exploited Memory corruption EPSS 8% → fixed in 14.1-47.48
CVE-2023-6548 MEDIUM ● exploited Code injection EPSS 6% → fixed in 14.1-12.35
CVE-2025-6543 CRITICAL ● exploited Memory corruption EPSS 1% → fixed in 14.1-47.46
CVE-2025-7776 CRITICAL Memory corruption EPSS 0% → fixed in 14.1-47.48
ℹ lifecycle unknown — needs latest supported version