Skip to main content

Microsoft EUVDEUVD-2026-17478

| CVE-2026-22569 MEDIUM
Improper Validation of Unsafe Equivalence in Input (CWE-1289)
2026-03-31 Zscaler
5.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
4.8.0.63,4.7.0.141
EUVD ID Assigned
Mar 31, 2026 - 15:31 euvd
EUVD-2026-17478
Analysis Generated
Mar 31, 2026 - 15:31 vuln.today
CVE Published
Mar 31, 2026 - 14:54 nvd
MEDIUM 5.4

DescriptionCVE.org

An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.

AnalysisAI

Zscaler Client Connector on Windows contains an incorrect startup configuration that permits limited traffic to bypass inspection under rare circumstances, resulting in potential information disclosure and integrity compromise. The vulnerability affects all versions of the product and requires user interaction to exploit, with a CVSS score of 5.4 reflecting the combination of network-based attack vector, low complexity, and low impact on confidentiality and integrity. No evidence of active exploitation or public exploit code has been identified.

Technical ContextAI

Zscaler Client Connector is a Windows-based security agent responsible for intercepting and inspecting network traffic according to organizational security policies. The vulnerability stems from CWE-1289 (Improper Validation of Specified Quantity in Input), indicating that the startup configuration process fails to properly validate or correctly apply inspection parameters during agent initialization. This configuration flaw creates a window where certain traffic flows bypass the intended inspection mechanisms, though the specific traffic types and conditions are limited and rare. The issue is endemic to the client-side implementation rather than the backend infrastructure.

RemediationAI

Organizations should consult the Zscaler Client Connector release summary at https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025 to identify and deploy the patched version addressing CVE-2026-22569. Update Zscaler Client Connector to the latest available version as recommended by the vendor advisory. In environments where immediate patching is not possible, validate startup configuration settings and monitor for unusual traffic patterns or inspection bypass indicators. No vendor-confirmed workaround has been identified, making patching the primary remediation path.

Share

EUVD-2026-17478 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy