Zscaler Vulnerabilities
Comprehensive security vulnerability database for Zscaler products
5
0
3
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-22568 | 2.7 | This vulnerability allows an authenticated administrator to potentially access unauthorized internal information through the Zscaler Internet Access Admin portal. However, this can only happen under rare conditions where the input provided by the user is not properly handled. | zscalerzscaler internet access admin portal | Exploit Available | about 1 month agoFeb 23, 2026 |
| CVE-2026-22567 | 2.7 | This vulnerability allows an authenticated administrator to potentially execute backend functions by entering specific inputs in the Zscaler Internet Access Admin Portal. However, it only occurs under limited scenarios where the input validation is not properly enforced. | zscalerzscaler internet access admin portal | Exploit Available | about 1 month agoFeb 23, 2026 |
| CVE-2023-41971 | 7.8 | This vulnerability allows an attacker to overwrite important system files on Windows machines running Zscaler Client Connector versions before 3.7. To exploit this, the attacker needs to trick the system into following a malicious link that leads to the targeted file. | zscalerclient connector | Theoretical | almost 2 years agoMay 2, 2024 |
| CVE-2024-23457 | 7.8 | This vulnerability allows an attacker to disable the security features that protect the Zscaler Client Connector, potentially letting them uninstall the software without proper authorization. This issue occurs when an uninstall password is set, and it affects versions of the software prior to 4.2.0.209 on Windows systems. | zscalerclient connector | Exploit Available | almost 2 years agoMay 1, 2024 |
| CVE-2024-23463 | 8.1 | An attacker can bypass the security measures of the Zscaler Client Connector on Windows, allowing them to tamper with the application, but this can only happen if the "Repair App" feature is used. This vulnerability affects versions prior to 4.2.1, so it's crucial to update to the latest version to protect against this risk. | zscalerclient connector | Theoretical | almost 2 years agoApr 30, 2024 |
About Zscaler Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Zscaler products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.