Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for Zscaler Client Connector by Zscaler

    CVE-2026-22569 (GCVE-0-2026-22569)

    Vulnerability from nvd – Published: 2026-03-31 14:54 – Updated: 2026-03-31 17:24
    VLAI
    Title
    Incorrect startup configuration in ZCC
    Summary
    An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1289 - Improper validation of unsafe equivalence in input
    Assigner
    Impacted products
    Vendor Product Version
    Zscaler Zscaler Client Connector Affected: 4.7 , < 4.7.0.141 (custom)
    Affected: 4.8 , < 4.8.0.63 (custom)
    Create a notification for this product.
    Credits
    Jordan Eberst, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:24:02.173979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:24:13.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zscaler Client Connector",
              "vendor": "Zscaler",
              "versions": [
                {
                  "lessThan": "4.7.0.141",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.0.63",
                  "status": "affected",
                  "version": "4.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jordan Eberst, CISA"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."
                }
              ],
              "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1289",
                  "description": "CWE-1289 Improper validation of unsafe equivalence in input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:54:57.241Z",
            "orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
            "shortName": "Zscaler"
          },
          "references": [
            {
              "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect startup configuration in ZCC",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
        "assignerShortName": "Zscaler",
        "cveId": "CVE-2026-22569",
        "datePublished": "2026-03-31T14:54:57.241Z",
        "dateReserved": "2026-01-07T15:52:48.033Z",
        "dateUpdated": "2026-03-31T17:24:13.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54983 (GCVE-0-2025-54983)

    Vulnerability from nvd – Published: 2025-11-12 03:07 – Updated: 2025-11-12 18:18
    VLAI
    Title
    Health check port on ZCC allows tunnel bypass
    Summary
    A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    Zscaler Zscaler Client Connector Affected: 4.6 , < 4.6.0.216 (custom)
    Affected: 4.7 , < 4.7.0.47 (custom)
    Create a notification for this product.
    Credits
    DTCC Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-12T18:18:25.758917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-12T18:18:36.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zscaler Client Connector",
              "vendor": "Zscaler",
              "versions": [
                {
                  "lessThan": "4.6.0.216",
                  "status": "affected",
                  "version": "4.6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.47",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "DTCC Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A health check port on Zscaler Client Connector on Windows, versions 4.6 \u0026lt;  4.6.0.216 and 4.7 \u0026lt; 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.\n\n\u003cbr\u003e"
                }
              ],
              "value": "A health check port on Zscaler Client Connector on Windows, versions 4.6 \u003c  4.6.0.216 and 4.7 \u003c 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-12T03:07:39.531Z",
            "orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
            "shortName": "Zscaler"
          },
          "references": [
            {
              "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Health check port on ZCC allows tunnel bypass",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
        "assignerShortName": "Zscaler",
        "cveId": "CVE-2025-54983",
        "datePublished": "2025-11-12T03:07:39.531Z",
        "dateReserved": "2025-08-04T14:51:53.367Z",
        "dateUpdated": "2025-11-12T18:18:36.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-22569 (GCVE-0-2026-22569)

    Vulnerability from cvelistv5 – Published: 2026-03-31 14:54 – Updated: 2026-03-31 17:24
    VLAI
    Title
    Incorrect startup configuration in ZCC
    Summary
    An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-1289 - Improper validation of unsafe equivalence in input
    Assigner
    Impacted products
    Vendor Product Version
    Zscaler Zscaler Client Connector Affected: 4.7 , < 4.7.0.141 (custom)
    Affected: 4.8 , < 4.8.0.63 (custom)
    Create a notification for this product.
    Credits
    Jordan Eberst, CISA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-22569",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-31T17:24:02.173979Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-31T17:24:13.723Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zscaler Client Connector",
              "vendor": "Zscaler",
              "versions": [
                {
                  "lessThan": "4.7.0.141",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.8.0.63",
                  "status": "affected",
                  "version": "4.8",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Jordan Eberst, CISA"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."
                }
              ],
              "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-1289",
                  "description": "CWE-1289 Improper validation of unsafe equivalence in input",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-31T14:54:57.241Z",
            "orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
            "shortName": "Zscaler"
          },
          "references": [
            {
              "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Incorrect startup configuration in ZCC",
          "x_generator": {
            "engine": "Vulnogram 1.0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
        "assignerShortName": "Zscaler",
        "cveId": "CVE-2026-22569",
        "datePublished": "2026-03-31T14:54:57.241Z",
        "dateReserved": "2026-01-07T15:52:48.033Z",
        "dateUpdated": "2026-03-31T17:24:13.723Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-54983 (GCVE-0-2025-54983)

    Vulnerability from cvelistv5 – Published: 2025-11-12 03:07 – Updated: 2025-11-12 18:18
    VLAI
    Title
    Health check port on ZCC allows tunnel bypass
    Summary
    A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-772 - Missing Release of Resource after Effective Lifetime
    Assigner
    Impacted products
    Vendor Product Version
    Zscaler Zscaler Client Connector Affected: 4.6 , < 4.6.0.216 (custom)
    Affected: 4.7 , < 4.7.0.47 (custom)
    Create a notification for this product.
    Credits
    DTCC Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-54983",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-11-12T18:18:25.758917Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-11-12T18:18:36.813Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "Zscaler Client Connector",
              "vendor": "Zscaler",
              "versions": [
                {
                  "lessThan": "4.6.0.216",
                  "status": "affected",
                  "version": "4.6",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.7.0.47",
                  "status": "affected",
                  "version": "4.7",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "other",
              "value": "DTCC Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "A health check port on Zscaler Client Connector on Windows, versions 4.6 \u0026lt;  4.6.0.216 and 4.7 \u0026lt; 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.\n\n\u003cbr\u003e"
                }
              ],
              "value": "A health check port on Zscaler Client Connector on Windows, versions 4.6 \u003c  4.6.0.216 and 4.7 \u003c 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-554",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-554 Functionality Bypass"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.2,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-772",
                  "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-11-12T03:07:39.531Z",
            "orgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
            "shortName": "Zscaler"
          },
          "references": [
            {
              "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Health check port on ZCC allows tunnel bypass",
          "x_generator": {
            "engine": "Vulnogram 0.5.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04",
        "assignerShortName": "Zscaler",
        "cveId": "CVE-2025-54983",
        "datePublished": "2025-11-12T03:07:39.531Z",
        "dateReserved": "2025-08-04T14:51:53.367Z",
        "dateUpdated": "2025-11-12T18:18:36.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }