Skip to main content

Citrix Secure Access CVE-2026-53565

| EUVDEUVD-2026-43674 HIGH
Improper Privilege Management (CWE-269)
2026-07-14 secure@citrix.com GHSA-4j74-6cg6-qvqf
8.5
CVSS 4.0 · Vendor: citrix
Share

Severity by source

Vendor (citrix) PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.8 HIGH

Local low-privileged user (AV:L/PR:L) exploits a privileged client component with no interaction (AC:L/UI:N), yielding full host compromise (C/I/A:H); no scope change indicated.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (citrix).

CVSS VectorVendor: citrix

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 14, 2026 - 18:20 EUVD
Analysis Generated
Jul 14, 2026 - 13:32 vuln.today
CVE Published
Jul 14, 2026 - 13:18 cve.org
HIGH 8.5

DescriptionCVE.org

Improper Privilege Management vulnerability in Citrix Secure Access Client for Windows, Citrix Citrix Endpoint Analysis Client for Windows.

This issue affects Secure Access Client for Windows: before 26.6.1.20; Citrix Endpoint Analysis Client for Windows: before 26. 5.1.7.

AnalysisAI

Local privilege escalation in the Citrix Secure Access Client and Citrix Endpoint Analysis (EPA) Client for Windows allows a low-privileged local user to gain higher (likely SYSTEM-level) privileges through improper privilege management (CWE-269). It affects Secure Access Client for Windows before 26.6.1.20 and Endpoint Analysis Client for Windows before 26.5.1.7, both of which run privileged Windows service/agent components on the endpoint. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privileged local session
Delivery
Locate privileged Citrix client service/interface
Exploit
Abuse improper privilege management (CWE-269)
Execution
Execute code as SYSTEM
Impact
Full host compromise and lateral movement

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to already have a local, low-privileged authenticated session on a Windows host that has the vulnerable Citrix Secure Access Client (before 26.6.1.20) or Endpoint Analysis Client (before 26.5.1.7) installed - the privileged client service/agent must be present and running, which is its default installed state. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are internally consistent for a serious local EoP but not a mass-exploitation emergency. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who already has a standard (non-admin) foothold on a Windows workstation - via phishing, a stolen user session, or a malicious insider - abuses the improperly managed privileges of the Citrix Secure Access or EPA client's privileged component to execute code as SYSTEM. This gives full control of the endpoint, enabling credential theft and lateral movement toward the Citrix-protected network. …
Remediation Vendor-released patch: upgrade the Citrix Secure Access Client for Windows to 26.6.1.20 or later, and the Citrix Endpoint Analysis (EPA) Client for Windows to 26.5.1.7 or later, per Citrix advisory CTX696734 (https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696734). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all systems running Citrix Secure Access Client before version 26.6.1.20 and Endpoint Analysis Client before version 26.5.1.7, and prioritize systems in high-value or high-trust network zones. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Citrix

View all
CVE-2017-6316 CRITICAL POC
9.8 Jul 20

Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as r

CVE-2025-5777 HIGH POC
7.5 Jun 17

Citrix NetScaler ADC and Gateway contain an input validation vulnerability (CVE-2025-5777, CVSS 7.5) leading to memory o

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2017-17382 MEDIUM POC
5.9 Dec 13

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build

CVE-2025-6543 CRITICAL POC
9.8 Jun 25

Citrix NetScaler ADC and Gateway contain a memory overflow vulnerability (CVE-2025-6543, CVSS 9.8) leading to unintended

CVE-2026-3055 CRITICAL POC
9.3 Mar 23

An insufficient input validation vulnerability exists in Citrix NetScaler ADC and NetScaler Gateway when configured as a

CVE-2015-2682 MEDIUM POC
5.0 Mar 26

Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via

CVE-2026-8451 HIGH POC
8.8 Jun 30

Memory overread in Citrix NetScaler ADC and NetScaler Gateway lets remote attackers read out-of-bounds memory when the a

CVE-2019-12990 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal. Rated critical s

CVE-2019-12989 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow SQL Injection. Rated critical severit

CVE-2019-12988 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 4 of

CVE-2019-12987 CRITICAL POC
9.8 Jul 16

Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 3 of

Share

CVE-2026-53565 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy