CVE-2026-53566
Received Received - Intake

Out-of-bounds Read in Citrix Secure Access Client for Windows

Vulnerability report for CVE-2026-53566, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-14

Last updated on: 2026-07-14

Assigner: Citrix Systems, Inc.

Description

Out-of-bounds read vulnerability in Citrix Citrix Secure Access Client for Windows. This issue affects Citrix Secure Access Client for Windows: before 26.6.1.20.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-14
Last Modified
2026-07-14
Generated
2026-07-14
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
citrix citrix_secure_access_client to 26.6.1.20 (exc)
citrix secure_access_client to 26.6.1.20 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-53566 is an out-of-bounds read vulnerability in the Citrix Secure Access Client for Windows. This type of vulnerability occurs when a program reads data beyond the bounds of allocated memory, which can lead to unintended information disclosure or crashes.

The vulnerability affects versions of Citrix Secure Access Client for Windows before 26.6.1.20. An attacker with local access and low privileges could exploit this flaw to read sensitive data from memory.

Impact Analysis

If you are using an affected version of Citrix Secure Access Client for Windows, this vulnerability could impact you in the following ways:

  • An attacker with local access to your system could exploit this vulnerability to read sensitive information from memory, potentially exposing credentials, session tokens, or other confidential data.
  • The vulnerability could lead to a denial-of-service condition if the out-of-bounds read causes the application to crash.
  • While the CVSS score indicates a medium severity, the impact depends on the sensitivity of the data processed by the application and the attacker's ability to access the system.
Compliance Impact

This vulnerability could affect compliance with common standards and regulations in the following ways:

  • GDPR: If the out-of-bounds read exposes personal data of EU citizens, it could lead to a data breach. Organizations must report such breaches within 72 hours and may face fines if they fail to protect personal data adequately.
  • HIPAA: For organizations handling protected health information (PHI), this vulnerability could result in unauthorized access to sensitive patient data. Non-compliance with HIPAA's security rules could lead to penalties.
  • Other standards like PCI DSS or ISO 27001 may also be impacted if the vulnerability exposes sensitive information or weakens security controls. Organizations are typically required to apply patches or mitigations to maintain compliance.
Detection Guidance

Detection of CVE-2026-53566 involves verifying the installed version of Citrix Secure Access Client for Windows on your systems. This vulnerability affects versions before 26.6.1.20.

  • Check the installed version of Citrix Secure Access Client for Windows using the following steps:
  • 1. Open the Control Panel on the Windows system.
  • 2. Navigate to 'Programs and Features' or 'Apps & features'.
  • 3. Locate 'Citrix Secure Access Client' in the list of installed programs and note the version number.
  • 4. Alternatively, you can use PowerShell to check the installed version with the following command:
  • Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like '*Citrix Secure Access Client*' } | Select-Object Name, Version

If the version is earlier than 26.6.1.20, the system is vulnerable.

Mitigation Strategies

To mitigate CVE-2026-53566, follow these immediate steps:

  • 1. Upgrade Citrix Secure Access Client for Windows to version 26.6.1.20 or later. The fixed version addresses the out-of-bounds read vulnerability.
  • 2. Download the latest version from the official Citrix website or use the Citrix update mechanism if available.
  • 3. If an immediate upgrade is not possible, consider temporarily disabling or restricting access to the Citrix Secure Access Client until the upgrade can be performed.
  • 4. Monitor Citrix advisories for any additional guidance or patches related to this vulnerability.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53566. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart