Zscaler Internet Access Improper Input Neutralization Vulnerability Allowing Unauthorized Information Access

Vulnerability

A vulnerability exists in the Zscaler Internet Access (ZIA) Admin UI due to improper neutralization of special elements in user-supplied input. This issue could allow an authenticated administrator to access or retrieve unauthorized internal information under rare conditions.

Impact

Exploitation of this vulnerability could lead to unauthorized access to internal information.

Remediation

Zscaler has addressed this vulnerability in the February 12, 2026, service update. No additional user action is required.

Added: Feb 23, 2026, 5:32 PM
Updated: Feb 23, 2026, 6:19 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 2.4
remediation: 7.7
relevance: 3.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.