CVE-2026-22567
HIGHZscaler Internet Access Admin Portal < 6.2r - Authenticated Backend Function Execution via Input Field Injection
Title source: llmDescription
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
References (1)
Core 1
Scores
CVSS v3
7.6
EPSS
0.0020
EPSS Percentile
9.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (1)
zscaler/zscaler_internet_access_admin_portal
< 6.2r
Published
Feb 23, 2026
Tracked Since
Feb 23, 2026