Zscaler Internet Access Admin Portal
CVE-2026-22567
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
AnalysisAI
Zscaler Internet Access Admin Portal allows authenticated administrators to execute arbitrary backend functions through insufficient input validation in the web UI. This high-severity vulnerability requires administrative privileges and currently lacks a patch, limiting exposure but leaving affected organizations vulnerable until remediation is available. An attacker with admin credentials could bypass intended restrictions to perform unauthorized backend operations with cross-system impact.
Technical ContextAI
Classified as CWE-20 (Improper Input Validation). Affects Zscaler Internet Access Admin Portal. Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privileg
Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retr
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today