Thank you

We welcome the input on the security posture of our products and services. Every report is reviewed and addressed by our security professional staff. To help route the reported issue to the correct team, please carefully review your options below.

Several resources are available to provide information on the security of Citrix products:

For more information, please contact Citrix Technical Support:

Open a support case

If you suspect abuse from any communication purporting to originate from Citrix, such as fraudulent contact, improper content, and insertion of fraudulent links or malware, please contact Citrix using the email link below.

Report suspected abuse

If information is needed on the impact of a CVE on a Citrix product or service, please raise a support request through your normal Citrix support channel. Please include the Common Vulnerabilities and Exposures (CVE) reference, see the National Vulnerability Database or the relevant Citrix security bulletin article number when submitting the request.

Open a support case

If information is needed on the impact of a CVE on a Citrix product or service, please raise a support request through your normal Citrix support channel. Please include the Common Vulnerabilities and Exposures (CVE) reference, see the National Vulnerability Database or the relevant Citrix security bulletin article number when submitting the request.

Open a support case

For help analyzing the results of a security test, please raise a support request through your normal Citrix support channel where it will be reviewed by a dedicated team. Please include details on the specific versions and configuration of the products that were tested as well as details on how the test was conducted and the findings can be reproduced.*

Open a support case

If you have identified a specific reproducible security vulnerability in a Citrix product or service, you may report it to the Citrix Security Response Team through the vulnerability response program.

Submit a product vulnerability

Citrix also has a bug bounty program where security researchers are rewarded for finding bugs in certain Citrix services.

More information is available at https://hackerone.com/citrix.**

If you are using a Citrix-managed cloud service and suspect your data may have been compromised or if you observe inconsistency or inaccuracy in your data, please report it to Citrix as soon as possible.

Report a data compromise

* Citrix recommends that vulnerability reports are encrypted using the PGP public key (fingerprint: 99FE 91C1 51A0 F7D5 4839 6044 351D 173A 623E 751C). When submitting a finding, please include as much detail as possible to aid with reproduction, testing, and resolution. Download the PGP key

Citrix will treat all information received as confidential. Internal distribution is limited to those individuals who have a legitimate need to know and can actively assist in the resolution. Similarly, Citrix asks reporters to maintain strict confidentiality until complete resolutions are available for customers and have been published on the Citrix website.

** Only valid reports submitted through the bug bounty program will be eligible for a financial reward. The Citrix Security Response Team are unable to respond to questions about bug bounty scope or submissions, these should be directed to the bug bounty team at HackerOne.