Article Id : CTX696734
Last Modified Date : 07-14-2026 11:51
Created Date : 07-14-2026 13:00
Article Record Type : Security Bulletin
Severity : High
Description of Problem
Vulnerabilities have been discovered in the Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client. Refer to the information below for further details:
Affected Versions:
The following supported versions of Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows are affected by CVE-2026-53565:
- Citrix Secure Access Client for Windows versions BEFORE 26.6.1.20
- Citrix Endpoint Analysis Client for Windows versions BEFORE 26.5.1.7
The following supported versions of Citrix Secure Access Client for Windows are affected by CVE-2026-53566:
- Citrix Secure Access Client for Windows versions BEFORE 26.6.1.20
Details
Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client for Windows contain the vulnerabilities mentioned below
| CVE-ID | Description | Affected Products | Pre-conditions | CWE | CVSSv4 |
| CVE-2026-53565 | Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges | Citrix Secure Access Client for Windows AND Citrix Endpoint Analysis Client for Windows | Standard user access on local system | CWE-269: Improper Privilege Management | CVSS v4.0 Base Score: 8.5(CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N) |
| CVE-2026-53566 | Out-of-bounds memory read | Citrix Secure Access Client for Windows | Standard user access on local system and DNE driver is not installed | CWE-125: Out-of-bounds Read | CVSS v4.0 Base Score: 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
What Customers Should Do
Cloud Software Group strongly urges customers of Citrix Secure Access Client for Windows and Citrix Endpoint Analysis Client to install the relevant updated versions as soon as possible:
- Citrix Secure Access Client for Windows 26.6.1.20 and later releases
- Citrix Endpoint Analysis Client for Windows 26.5.1.7 and later releases
Steps to determine if an appliance meets the CVE preconditions
CVE-2026-53566:
Customers can determine if the DNE driver is not installed by referring to the following documentation: https://docs.netscaler.com/en-us/netscaler-gateway/current-release/vpn-user-config/select-gateway-plugin-for-users.html#completely-skip-the-dne-installation