CVE-2026-22567 | THREATINT

Description

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.

PUBLISHED Reserved 2026-01-07 | Published 2026-02-23 | Updated 2026-02-23 | Assigner Zscaler

HIGH: 7.6CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

Problem types

CWE-20 Improper Input Validation

Product status

Default status

unaffected

6.2 (custom) before 6.2r

affected

Credits

Andrew Allen Hess on behalf of Cyber Defense Team (Deutsche Börse Group) finder

References

help.zscaler.com/...et&deployment_date=2025-12-17&id=1538575

cve.org (CVE-2026-22567)

nvd.nist.gov (CVE-2026-22567)

Download JSON