Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Lifecycle Timeline
4DescriptionCVE.org
An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.
AnalysisAI
Zscaler Client Connector on Windows contains an incorrect startup configuration that permits limited traffic to bypass inspection under rare circumstances, resulting in potential information disclosure and integrity compromise. The vulnerability affects all versions of the product and requires user interaction to exploit, with a CVSS score of 5.4 reflecting the combination of network-based attack vector, low complexity, and low impact on confidentiality and integrity. No evidence of active exploitation or public exploit code has been identified.
Technical ContextAI
Zscaler Client Connector is a Windows-based security agent responsible for intercepting and inspecting network traffic according to organizational security policies. The vulnerability stems from CWE-1289 (Improper Validation of Specified Quantity in Input), indicating that the startup configuration process fails to properly validate or correctly apply inspection parameters during agent initialization. This configuration flaw creates a window where certain traffic flows bypass the intended inspection mechanisms, though the specific traffic types and conditions are limited and rare. The issue is endemic to the client-side implementation rather than the backend infrastructure.
RemediationAI
Organizations should consult the Zscaler Client Connector release summary at https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025 to identify and deploy the patched version addressing CVE-2026-22569. Update Zscaler Client Connector to the latest available version as recommended by the vendor advisory. In environments where immediate patching is not possible, validate startup configuration settings and monitor for unusual traffic patterns or inspection bypass indicators. No vendor-confirmed workaround has been identified, making patching the primary remediation path.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17478