Primary

Context

Zscaler Internet Access Improper Input Validation Vulnerability in Admin UI

Vulnerability

Patched

A vulnerability exists in the Zscaler Internet Access (ZIA) Admin UI due to improper validation of user-supplied input. This issue could allow an authenticated administrator to trigger backend functions through specific input fields, but only in limited scenarios.

Impact

Exploitation of this vulnerability could lead to unauthorized initiation of backend functions by an authenticated administrator.

Remediation

Users can upgrade to the Zscaler Internet Access version released on December 17, 2025, which addresses this vulnerability by ensuring proper validation of user input in the Admin Portal.

Added: Feb 23, 2026, 5:47 PM

Updated: Feb 23, 2026, 6:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.8

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

2.8

remediation

7.7

relevance

3.1

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Zscaler Internet Access Improper Input Validation Vulnerability in Admin UI

Vulnerability

Impact

Remediation

Affected Products

Zscaler Internet & SaaS Access

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating