Zscaler Internet Access Admin Portal
CVE-2026-22568
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.
AnalysisAI
Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retrieve sensitive internal information through specially crafted requests in specific configurations. The vulnerability requires high-level admin privileges and does not impact confidentiality or availability broadly, though it poses a risk in multi-tenant environments where privilege boundaries matter. Currently, no patch is available.
Technical ContextAI
Classified as CWE-20 (Improper Input Validation). Affects Zscaler Internet Access Admin Portal. Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privileg
Zscaler Internet Access Admin Portal allows authenticated administrators to execute arbitrary backend functions through
Same weakness CWE-20 – Improper Input Validation
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today