CVE-2026-22568

MEDIUM

Zscaler Internet Access Admin Portal < 6.2r - Authenticated Information Disclosure via Input Validation Flaw

Title source: llm

Description

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.

References (1)

Core 1

Core References

Various Sources

https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576

Scores

CVSS v3 5.5

EPSS 0.0016

EPSS Percentile 5.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (1)

zscaler/zscaler_internet_access_admin_portal < 6.2r

Published Feb 23, 2026

Tracked Since Feb 23, 2026