Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local low-privileged user (AV:L/PR:L) exploits a privileged client component with no interaction (AC:L/UI:N), yielding full host compromise (C/I/A:H); no scope change indicated.
Primary rating from Vendor (citrix).
CVSS VectorVendor: citrix
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows.
This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7.
AnalysisAI
Local privilege escalation in the Citrix Secure Access Client and Citrix Endpoint Analysis (EPA) Client for Windows allows a low-privileged local user to gain higher (likely SYSTEM-level) privileges through improper privilege management (CWE-269). It affects Secure Access Client for Windows before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7, both of which run privileged Windows service/agent components on the endpoint. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to already have a local, low-privileged authenticated session on a Windows host that has the vulnerable Citrix Secure Access Client (before 26.6.1.20) or Endpoint Analysis Client (before 26.5.1.7) installed - the privileged client service/agent must be present and running, which is its default installed state. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are internally consistent for a serious local EoP but not a mass-exploitation emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who already has a standard (non-admin) foothold on a Windows workstation - via phishing, a stolen user session, or a malicious insider - abuses the improperly managed privileges of the Citrix Secure Access or EPA client's privileged component to execute code as SYSTEM. This gives full control of the endpoint, enabling credential theft and lateral movement toward the Citrix-protected network. … |
| Remediation | Vendor-released patch: upgrade the Citrix Secure Access Client for Windows to 26.6.1.20 or later, and the Citrix Endpoint Analysis (EPA) Client for Windows to 26.5.1.7 or later, per Citrix advisory CTX696734 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696734). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all systems running Citrix Secure Access Client before version 26.6.1.20 and Endpoint Analysis Client before version 26.5.1.7, and prioritize systems in high-value or high-trust network zones. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r
Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build
Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended
An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via
Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical s
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severit
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43674
GHSA-4j74-6cg6-qvqf