Cloud Software Group has disclosed two security vulnerabilities affecting Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows, including a high-severity flaw that allows low-privileged local users to escalate privileges to SYSTEM.
The most critical vulnerability, CVE-2026-53565 (CVSS v4.0: 8.5), is caused by improper privilege management (CWE-269) and enables a standard user with local access to gain full SYSTEM-level privileges on affected Windows systems.
CVE-2026-53565: SYSTEM Privilege Escalation
The flaw impacts both:
- Citrix Secure Access Client for Windows
- Citrix Endpoint Analysis Client for Windows
According to Cloud Software Group, exploitation requires:
- Local access to the machine
- Low privileges
- No user interaction
- Low attack complexity
Successful exploitation grants attackers complete control over the affected endpoint, impacting:
- Confidentiality
- Integrity
- Availability
This makes the vulnerability particularly dangerous in enterprise environments where attackers may already have limited access through phishing, compromised accounts, or insider activity.
CVE-2026-53566: Out-of-Bounds Read Vulnerability
The second vulnerability, CVE-2026-53566 (CVSS v4.0: 6.8), is an out-of-bounds memory read (CWE-125) affecting only:
- Citrix Secure Access Client for Windows
Exploitation Requirements
The vulnerability is exploitable only when:
- The DNE (Deterministic Network Enhancer) driver is not installed
Attackers with local access can exploit the flaw without user interaction, potentially exposing sensitive information from memory.
Unlike CVE-2026-53565, this issue primarily impacts confidentiality and does not directly lead to full system compromise.
Affected Organizations
Organizations using Citrix remote access solutions should treat these vulnerabilities as high priority, especially environments with:
- Shared workstations
- Virtual Desktop Infrastructure (VDI)
- Bring Your Own Device (BYOD) deployments
- Citrix Gateway environments
- Multi-user Windows systems
Because CVE-2026-53565 only requires standard user privileges, any compromised account could potentially be leveraged to obtain SYSTEM access.
Fixed Versions
Cloud Software Group recommends upgrading immediately:
| Product | Fixed Version |
|---|---|
| Citrix Secure Access Client for Windows | 26.6.1.20 or later |
| Citrix Endpoint Analysis Client for Windows | 26.5.1.7 or later |
For CVE-2026-53566, administrators should also verify whether the DNE driver is installed to determine exposure.
Why This Matters
Privilege escalation vulnerabilities remain one of the most valuable tools for attackers after initial compromise.
An attacker who gains access through:
- Phishing attacks
- Stolen credentials
- Malware infections
- Insider access
can leverage CVE-2026-53565 to obtain SYSTEM privileges and effectively take full control of the endpoint.
Given the widespread deployment of Citrix remote access software across enterprises, organizations should prioritize patch deployment and review endpoint configurations immediately.
Cloud Software Group credited Carlos Garrido of Pentraze Cybersecurity for responsibly disclosing the vulnerabilities.