FAQ on CitrixBleed (CVE-2023-4966) The Tenable Security...

FAQ on CitrixBleed (CVE-2023-4966)

The Tenable Security Response Team (SRT) have published a frequently asked questions (FAQ) blog post regarding CVE-2023-4966, also known as CitrixBleed.

Exploitation of CitrixBleed is simple, which is what makes it so dangerous. This vulnerability has been observed in mass exploitation attempts over the last month, including by uncategorized threat actors and affiliates of two ransomware groups, LockBit 3.0 and Medusa.

For more information about CitrixBleed, including the availability of patches and Tenable product coverage, we recommend reading our FAQ blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

FAQ on CitrixBleed (CVE-2023-4966) The Tenable Security...

Recent Discussions

FAQ on Exploited Zero-Day Flaws in Cisco ASA and FTD Devices (CVE-2025-20333, CVE-2025-20362)

Microsoft’s September 2025 Patch Tuesday Addresses 80 CVEs (CVE-2025-55234)

Frequently Asked Questions About Chinese State-Sponsored Actors Compromising Global Networks

CVE-2025-7775: Citrix NetScaler ADC and Gateway Zero-Day RCE Vulnerability Exploited in the Wild

CVE-2025-25256: Proof of Concept Released for Fortinet FortiSIEM Command Injection Vulnerability

Americas

Europe

Asia / Australia