Skip to main content

Zscaler Internet Access Admin Portal

3 CVEs product

Monthly

CVE-2026-22568 MEDIUM This Month

Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retrieve sensitive internal information through specially crafted requests in specific configurations. The vulnerability requires high-level admin privileges and does not impact confidentiality or availability broadly, though it poses a risk in multi-tenant environments where privilege boundaries matter. Currently, no patch is available.

Code Injection Zscaler Internet Access Admin Portal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-22567 HIGH This Week

Zscaler Internet Access Admin Portal allows authenticated administrators to execute arbitrary backend functions through insufficient input validation in the web UI. This high-severity vulnerability requires administrative privileges and currently lacks a patch, limiting exposure but leaving affected organizations vulnerable until remediation is available. An attacker with admin credentials could bypass intended restrictions to perform unauthorized backend operations with cross-system impact.

Code Injection Zscaler Internet Access Admin Portal
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-28801 CRITICAL Act Now

An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.2 before 6.2r. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Zscaler Internet Access Admin Portal
NVD
CVSS 3.1
9.8
EPSS
0.3%
EPSS 0% CVSS 5.5
MEDIUM This Month

Zscaler Internet Access Admin Portal contains an input validation flaw that enables authenticated administrators to retrieve sensitive internal information through specially crafted requests in specific configurations. The vulnerability requires high-level admin privileges and does not impact confidentiality or availability broadly, though it poses a risk in multi-tenant environments where privilege boundaries matter. Currently, no patch is available.

Code Injection Zscaler Internet Access Admin Portal
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Zscaler Internet Access Admin Portal allows authenticated administrators to execute arbitrary backend functions through insufficient input validation in the web UI. This high-severity vulnerability requires administrative privileges and currently lacks a patch, limiting exposure but leaving affected organizations vulnerable until remediation is available. An attacker with admin credentials could bypass intended restrictions to perform unauthorized backend operations with cross-system impact.

Code Injection Zscaler Internet Access Admin Portal
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.2 before 6.2r. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Zscaler Internet Access Admin Portal
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy