Reporting a product security vulnerability

If you have identified a specific reproducible security vulnerability in a Citrix product then please send the following information to the Citrix Security Response team:

1. Details on the specific vulnerability, including the detailed setup and reproduction steps used to demonstrate the issue.
2. The versions and any associated configuration details of the components that are thought to be impacted.

The above details should be sent to the Citrix security response team using the [email protected] email address. Citrix recommends that vulnerability reports are encrypted using the PGP public key (fingerprint: 99FE 91C1 51A0 F7D5 4839 6044 351D 173A 623E 751C) attached to this document. Please note that the security response email address should only be used to report specific security vulnerabilities; general support queries sent to this address may not be responded to.