Critical Citrix Vulnerability (CVE-2023-49605) Lets Attackers Escalate Privileges
Key Takeaways Two critical vulnerabilities, CVE-2026-53565 and CVE-2026-53566, have been disclosed in Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows. The more...
Key Takeaways
- Two critical vulnerabilities, CVE-2026-53565 and CVE-2026-53566, have been disclosed in Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows.
- The more severe flaw, CVE-2026-53565, enables local privilege escalation to SYSTEM, carrying a CVSS v4.0 score of 8.5.
- All organizations utilizing these Citrix Windows clients are urged to update immediately.
- Patches are available, specifically versions 26.6.1.20+ for Secure Access Client and 26.5.1.7+ for Endpoint Analysis Client.
Citrix Clients Vulnerable to SYSTEM Privilege Escalation
Cloud Software Group has revealed two significant security flaws impacting its Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows. One of these vulnerabilities poses a severe risk, allowing attackers with low privileges to gain complete SYSTEM access on compromised machines.
Table Of Content
Critical Privilege Escalation Flaw
The primary concern, identified as CVE-2026-53565, has been assigned a CVSS v4.0 base score of 8.5, indicating high severity. This flaw originates from improper privilege management, categorized under CWE-269. It permits any standard, low-privileged local user to elevate their access to SYSTEM level, which is the highest possible privilege tier within Windows operating systems. Both Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows are equally susceptible to this vulnerability.
The CVSS:4.0 vector string highlights that exploitation requires only local access, demands low complexity, and needs no user interaction, making it particularly dangerous. A successful exploit leads to a complete compromise of confidentiality, integrity, and availability on the affected system.
Secondary Out-of-Bounds Read Vulnerability
A second vulnerability, CVE-2026-53566, carries a CVSS v4.0 score of 6.8. This issue is an out-of-bounds memory read (CWE-125) and exclusively affects Citrix Secure Access Client for Windows. Exploitation of this flaw has a specific prerequisite: the Deterministic Network Enhancer (DNE) driver must not be installed on the target system. Similar to CVE-2026-53565, it can be exploited by a standard local user without any interaction. However, its impact is confined to confidentiality, rather than a full system compromise.
Affected Systems and Remediation
Organizations deploying either Citrix Secure Access Client for Windows or Citrix Endpoint Analysis Client for Windows on their Windows endpoints must prioritize this disclosure. Environments where standard users have local machine access – such as shared workstations, Virtual Desktop Infrastructure (VDI) setups, or Bring Your Own Device (BYOD) configurations connecting via Citrix Gateway solutions – are especially at risk.
Cloud Software Group is urging immediate action to address these vulnerabilities. For CVE-2026-53565, which has no special preconditions beyond standard user access, all deployments of the affected clients should be considered vulnerable until patched. The company has released updates to mitigate both flaws:
- Update Citrix Secure Access Client for Windows to version 26.6.1.20 or newer.
- Update Citrix Endpoint Analysis Client for Windows to version 26.5.1.7 or newer.
- For CVE-2026-53566, administrators can consult Citrix’s official documentation on gateway plugin configuration to ascertain the DNE driver’s installation status and determine exposure.
Privilege escalation vulnerabilities like CVE-2026-53565 are extremely hazardous within enterprise networks, as they directly undermine the principle of least privilege. An attacker who initially gains low-level access via methods such as phishing, an insider threat, or a compromised guest account could leverage this flaw to seize SYSTEM privileges, thereby gaining full control over the endpoint. This makes patching an absolute necessity for any organization relying on Citrix’s remote access solutions.
Cloud Software Group has publicly acknowledged Carlos Garrido of Pentraze Cybersecurity for his responsible disclosure of these vulnerabilities, which facilitated coordinated remediation efforts prior to public release.
What You Should Do
- Immediately update Citrix Secure Access Client for Windows to version 26.6.1.20 or later.
- Immediately update Citrix Endpoint Analysis Client for Windows to version 26.5.1.7 or later.
- For Citrix Secure Access Client users, check the DNE driver installation status on your systems, as per Cloud Software Group’s guidance, to assess exposure to CVE-2026-53566.
- Prioritize these updates across all affected Windows endpoints, especially in environments with shared workstations, VDI, or BYOD setups.
- Regularly audit endpoint configurations to ensure compliance with the least privilege principle and promptly apply all security patches.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.