Zscaler — Vulnerabilities & Security Advisories (43)

Browse all 43 CVE security advisories affecting Zscaler. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Zscaler operates as a cloud-native security provider, primarily delivering Zero Trust Network Access (ZTNA) and cloud firewall services to secure enterprise traffic. Despite its focus on protecting against external threats, the platform has recorded 43 Common Vulnerabilities and Exposures (CVEs), revealing internal security gaps. Historically, these flaws predominantly involve remote code execution and cross-site scripting, with several instances allowing privilege escalation within administrative interfaces. These vulnerabilities suggest that while the external-facing architecture is robust, internal application logic has occasionally failed to enforce strict input validation or access controls. Notable incidents include unauthorized access attempts exploiting these weaknesses, highlighting the risks associated with complex cloud management consoles. The presence of such defects underscores the necessity for rigorous internal code auditing and continuous monitoring, even for vendors specializing in external threat mitigation and secure access solutions.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-22569 | Incorrect startup configuration in ZCC — Zscaler Client Connector | CWE-1289 | 5.4 | Medium | 2026-03-31 |
| CVE-2026-22567 | ZIA Admin UI Input Validation Bug — ZIA Admin UI | CWE-20 | 7.6 | High | 2026-02-23 |
| CVE-2026-22568 | Unauthorized information retrieval in ZIA Admin UI — ZIA Admin UI | CWE-20 | 5.5 | Medium | 2026-02-23 |
| CVE-2025-54983 | Health check port on ZCC allows tunnel bypass — Zscaler Client Connector | CWE-772 | 5.2 | Medium | 2025-11-12 |
| CVE-2025-54982 | SAML 2.0 Public Key Validation Issue — Authentication Server | CWE-347 | 9.6 | Critical | 2025-08-05 |
| CVE-2024-31127 | MacOS Zscaler Client Connector Local Privilege Escalation — Client Connector | CWE-346 | 7.3 | High | 2025-06-04 |
| CVE-2023-28806 | Signature validation error in DLL allows disabling anti-tampering protection — Client Connector | CWE-347 | 5.7 | Medium | 2024-08-06 |
| CVE-2024-23483 | Local Privilege Escalation via lack of input validation — Client Connector | CWE-20 | 7.0 | High | 2024-08-06 |
| CVE-2024-23460 | Incorrect signature validation of package — Client Connector | CWE-347 | 6.4 | Medium | 2024-08-06 |
| CVE-2024-23464 | Zscaler bypass with administrative privileges on Windows — Client Connector | CWE-281 | 7.2 | High | 2024-08-06 |
| CVE-2024-23458 | Local Privilege Escalation on Zscaler Client Connector on Windows — Client Connector | CWE-346 | 7.3 | High | 2024-08-06 |
| CVE-2024-23456 | Signature validation issue leads to Anti-Tampering bypass — Client Connector | CWE-347 | 7.8 | High | 2024-08-06 |
| CVE-2024-23462 | ZCC Mac validinstaller file integrity check missing — Client Connector | CWE-354 | 3.3 | Low | 2024-05-02 |
| CVE-2024-23461 | ZCC macOS Upgrade ZIP Bomb DoS — Client Connector | CWE-354 | 4.2 | Medium | 2024-05-02 |
| CVE-2024-23459 | Multiple Arbitrary Creates/Overwrites by link following — Client Connector | CWE-59 | 7.1 | High | 2024-05-02 |
| CVE-2023-41971 | Windows ZCC Upgrade DoS And Privilege Escalation Through RPC Control — Client Connector | CWE-59 | 5.3 | Medium | 2024-05-02 |
| CVE-2023-41970 | Repair App local code execution with arbitrary privileges — Client Connector | CWE-354 | 6.0 | Medium | 2024-05-02 |
| CVE-2023-28798 | Out-of-bounds write to heap in pacparser — Client Connector | CWE-122 | 6.5 | Medium | 2024-05-02 |
| CVE-2024-23480 | Insecure MacOS code sign check fallback — Client Connector | CWE-347 | 7.5 | High | 2024-05-01 |
| CVE-2024-23457 | Anti-tampering can be disabled with uninstall password enforced — Client Connector | CWE-269 | 7.8 | High | 2024-05-01 |
| CVE-2024-23463 | Anti-Tampering bypass via Repair App functionality — Client Connector | CWE-367 | 8.8 | High | 2024-04-30 |
| CVE-2024-23482 | ZScalerService Local Privilege Escalation — Client Connector | CWE-20 | 7.0 | High | 2024-03-26 |
| CVE-2023-41973 | Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution — Client Connector | CWE-22 | 7.3 | High | 2024-03-26 |
| CVE-2023-41972 | Revert password check incorrect type validation — Client Connector | CWE-280 | 7.3 | High | 2024-03-26 |
| CVE-2023-41969 | ZSATrayManager Arbitrary File Deletion — Client Connector | CWE-61 | 7.3 | High | 2024-03-26 |
| CVE-2023-28807 | Bypass of ZIA domain fronting detection module through evasion technique — ZIA | CWE-295 | 5.1 | Medium | 2024-01-31 |
| CVE-2023-28802 | Disable Zscaler using machine tunnel restart — Client Connector | CWE-354 | 4.9 | Medium | 2023-11-21 |
| CVE-2023-28794 | PAC Files Exposed to Internet Websites — Client Connector | CWE-346 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-28805 | ZCC on Linux privilege escalation — Client Connector | CWE-78 | 6.7 | Medium | 2023-10-23 |
| CVE-2023-28804 | Linux ZCC allows unsigned updates, allowing elevated Code Execution — Client Connector | CWE-347 | 8.2 | High | 2023-10-23 |

This page lists every published CVE security advisory associated with Zscaler. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.