Refine your search
2 vulnerabilities found for Zscaler Client Connector by Zscaler
CVE-2026-22569 (GCVE-0-2026-22569)
Vulnerability from cvelistv5
Published
2026-03-31 14:54
Modified
2026-03-31 17:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-1289 - Improper validation of unsafe equivalence in input
Summary
An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zscaler | Zscaler Client Connector |
Version: 4.7 < 4.7.0.141 Version: 4.8 < 4.8.0.63 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22569",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-31T17:24:02.173979Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T17:24:13.723Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zscaler Client Connector",
"vendor": "Zscaler",
"versions": [
{
"lessThan": "4.7.0.141",
"status": "affected",
"version": "4.7",
"versionType": "custom"
},
{
"lessThan": "4.8.0.63",
"status": "affected",
"version": "4.8",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Jordan Eberst, CISA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."
}
],
"value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1289",
"description": "CWE-1289 Improper validation of unsafe equivalence in input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-31T14:54:57.241Z",
"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"shortName": "Zscaler"
},
"references": [
{
"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incorrect startup configuration in ZCC",
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"assignerShortName": "Zscaler",
"cveId": "CVE-2026-22569",
"datePublished": "2026-03-31T14:54:57.241Z",
"dateReserved": "2026-01-07T15:52:48.033Z",
"dateUpdated": "2026-03-31T17:24:13.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-54983 (GCVE-0-2025-54983)
Vulnerability from cvelistv5
Published
2025-11-12 03:07
Modified
2025-11-12 18:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-772 - Missing Release of Resource after Effective Lifetime
Summary
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Zscaler | Zscaler Client Connector |
Version: 4.6 < 4.6.0.216 Version: 4.7 < 4.7.0.47 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-54983",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-12T18:18:25.758917Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T18:18:36.813Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "Zscaler Client Connector",
"vendor": "Zscaler",
"versions": [
{
"lessThan": "4.6.0.216",
"status": "affected",
"version": "4.6",
"versionType": "custom"
},
{
"lessThan": "4.7.0.47",
"status": "affected",
"version": "4.7",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "other",
"value": "DTCC Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A health check port on Zscaler Client Connector on Windows, versions 4.6 \u0026lt; 4.6.0.216 and 4.7 \u0026lt; 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.\n\n\u003cbr\u003e"
}
],
"value": "A health check port on Zscaler Client Connector on Windows, versions 4.6 \u003c 4.6.0.216 and 4.7 \u003c 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls."
}
],
"impacts": [
{
"capecId": "CAPEC-554",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-554 Functionality Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-772",
"description": "CWE-772 Missing Release of Resource after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T03:07:39.531Z",
"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"shortName": "Zscaler"
},
"references": [
{
"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Health check port on ZCC allows tunnel bypass",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
"assignerShortName": "Zscaler",
"cveId": "CVE-2025-54983",
"datePublished": "2025-11-12T03:07:39.531Z",
"dateReserved": "2025-08-04T14:51:53.367Z",
"dateUpdated": "2025-11-12T18:18:36.813Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}