25 matches found
CVE-2026-22568
Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...
CVE-2026-22567
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
CVE-2026-22567 ZIA Admin UI Input Validation Bug
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios...
CVE-2026-22567
CVE-2026-22567 concerns ZIA Admin UI input validation. The issue allows an authenticated administrator to trigger backend functions via specific input fields in limited scenarios due to improper input validation. Reported CVSS 3.1 base score 7.6 (HIGH) with NETWORK attack vector, HIGH privileges ...
CVE-2026-22568
CVE-2026-22568 affects the ZIA Admin UI. An authenticated administrator could potentially retrieve unauthorized internal information due to improper neutralization of certain input in rare conditions. The CVSS 3.1 base score is 5.5 (Medium) with Privileges Required: High, User Interaction: None, ...
CVE-2026-22568 Unauthorized information retrieval in ZIA Admin UI
Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...
PT-2026-21527
Name of the Vulnerable Software and Affected Versions: ZIA, affected versions not specified. Description: An issue exists in the ZIA Admin UI related to the improper handling of user-supplied input. This could allow an authenticated administrator to potentially access or retrieve unauthorized interna...
EUVD-2022-49642
Malicious code in bioql PyPI...
Zscaler Client Connector < 4.2.1 Improper Preservation of Permissions (CVE-2024-23464)
The version of Zscaler Client Connector installed on the remote Windows host is prior to 4.2.1. It is, therefore, affected by a vulnerability. - In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows...
CVE-2024-23464 Zscaler bypass with administrative privileges on Windows
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows 4.2.1...
Code injection
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic...
CVE-2023-28807
CVE-2023-28807 affects Zscaler Internet Access (ZIA). A mismatch between Connect Host and Client Hello’s Server Name Indication (SNI) can allow an attacker to hide communications within legitimate traffic, enabling evasion of network security controls. The CVE’s NVD entry notes a network attack v...
CVE-2023-28802
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149...
Input validation
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149...
CVE-2023-28802
Zscaler Client Connector for Windows is affected by CVE-2023-28802 due to improper validation of integrity check values. An authenticated user can disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. Affected versions are prior to 4.2.0.149. Remediation: upgrade to 4.2.0....
CVE-2022-46861
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Zia Imtiaz Custom Login Page Styler for WordPress plugin = 6.2 versions...