CVE-2024-8068

Privilege escalation to NetworkService Account access

Basic Information

CVE State: PUBLISHED
Reserved Date: August 21, 2024
Published Date: November 12, 2024
Last Updated: October 21, 2025
Vendor: Citrix
Product: Citrix Session Recording
Description: Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
Tags

CVSS Scores

CVSS v4.0

5.1 - MEDIUM

Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 10:39:30 UTC) Source

References

https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 10:39:30 UTC

Timeline

CVE ID Reserved

August 21, 2024
CVE Published to Public

November 12, 2024
Added to KEVIntel

June 01, 2026