VYPR
patchPublished Jul 18, 2026· 1 source

Citrix Secure Access and Endpoint Client Vulnerabilities Allow Privilege Escalation

Two vulnerabilities in Citrix Secure Access Client and Endpoint Analysis Client for Windows could allow local attackers to escalate privileges to SYSTEM level.

Cloud Software Group has disclosed two significant security vulnerabilities affecting its Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows. The more severe of the two, CVE-2026-53565, carries a CVSS v4.0 score of 8.5 and allows a local, low-privileged user to escalate their privileges to the highest level, SYSTEM, on affected machines. This flaw, stemming from improper privilege management (CWE-269), requires only local access, low complexity, and no user interaction to achieve a full compromise of confidentiality, integrity, and availability.

The second vulnerability, CVE-2026-53566, is rated CVSS v4.0 6.8 and involves an out-of-bounds memory read (CWE-125). This issue exclusively impacts the Citrix Secure Access Client for Windows and has a specific prerequisite: the DNE (Deterministic Network Enhancer) driver must not be installed on the target system. Similar to the first vulnerability, it can be exploited by a local user without interaction, but its impact is limited to confidentiality.

Organizations utilizing these Citrix clients on Windows endpoints are urged to prioritize patching, especially in environments where standard users have local machine access, such as shared workstations, VDI deployments, or BYOD scenarios connecting via Citrix Gateway. Cloud Software Group has released updated versions to address these flaws: Citrix Secure Access Client for Windows should be updated to version 26.6.1.20 or later, and Citrix Endpoint Analysis Client for Windows to version 26.5.1.7 or later.

For CVE-2026-53566, administrators should verify the presence of the DNE driver, as its absence increases the risk associated with this specific vulnerability. Given that CVE-2026-53565 does not require special pre-conditions beyond standard user access, all deployments of the affected clients are considered at risk until patches are applied.

Privilege escalation vulnerabilities are particularly dangerous in enterprise settings as they can undermine security controls built on the principle of least privilege. An attacker gaining initial low-level access through methods like phishing or an insider threat could leverage CVE-2026-53565 to seize SYSTEM privileges, granting them complete control over the endpoint. This makes prompt patching essential for any organization relying on Citrix's remote access solutions.

Carlos Garrido of Pentraze Cybersecurity is credited with responsibly discovering and reporting these vulnerabilities, allowing for coordinated remediation efforts before public disclosure. Security teams managing Citrix infrastructure should immediately prioritize the deployment of these updates and conduct audits to confirm system configurations, particularly regarding the DNE driver status for CVE-2026-53566.

Synthesized by Vypr AI