- Product: Citrix Secure Access Client for Windows
- Vulnerabilities: 2 flaws (CVE-2026-53565, CVE-2026-53566)
- Highest severity: 8.5 (High · CVSSv4)
- Worst impact: Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges
- Status: No confirmed exploitation yet; patches available
- Action: Update to 26.6.1.20, 26. 5.1.7 now
| CVE | CVSS | Type | Fixed in | Status |
|---|---|---|---|---|
| CVE-2026-53565 | 8.5 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges | 26.6.1.20, 26. 5.1.7 | Not exploited |
| CVE-2026-53566 | 6.8 | Out-of-bounds memory read | 26.6.1.20 | Not exploited |
TL;DR
Cloud Software Group published bulletin CTX696734 for two flaws in Citrix Windows clients. CVE-2026-53565, a Citrix Secure Access vulnerability, lets a standard user escalate to SYSTEM privileges. Updated releases of the Secure Access and Endpoint Analysis clients fix both issues.
Why It Matters
These clients run on large fleets of corporate Windows endpoints for VPN access and device posture checks. A local privilege escalation turns any low-privileged foothold, such as commodity malware, into full machine control. Citrix has not confirmed in-the-wild exploitation or a public proof-of-concept for either flaw.
How the Attacks Work
CVE-2026-53565: Privilege Escalation to SYSTEM
The flaw stems from improper privilege management (CWE-269) in both Windows clients. An attacker with standard user access can abuse the client to run with SYSTEM privileges, according to the Citrix security bulletin. It scores 8.5 (High) on CVSS v4.0.
CVE-2026-53566: Out-of-Bounds Memory Read
The second issue is an out-of-bounds read (CWE-125) in the Secure Access Client. Exploitation requires standard user access and a system where the DNE driver is not installed. Successful attacks can expose sensitive memory contents. Citrix rates it 6.8 (Medium) on CVSS v4.0.
Affected Versions
Citrix Secure Access Client for Windows versions before 26.6.1.20 are affected by both CVEs. In addition, Citrix Endpoint Analysis Client for Windows versions before 26.5.1.7 carry the privilege escalation flaw.
Patch and Mitigation
Upgrade the Secure Access Client to 26.6.1.20 or later and the Endpoint Analysis Client to 26.5.1.7 or later. Meanwhile, admins can check NetScaler Gateway plug-in documentation to confirm DNE driver status on their endpoints. Prompt patching closes this Citrix Secure Access vulnerability across managed devices.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.