CVE-2026-22568

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

I

mproper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.

References

Link	Resource
https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576	Release Notes Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:zscaler:zscaler_internet_access_admin_portal:*:*:*:*:*:*:*:*

History

26 Feb 2026, 16:43

Type	Values Removed	Values Added
First Time		Zscaler Zscaler zscaler Internet Access Admin Portal
Summary		(es) Neutralización incorrecta de elementos especiales en la entrada proporcionada por el usuario dentro de la IU de administración de ZIA podría permitir a un administrador autenticado acceder o recuperar información interna no autorizada en raras condiciones.
CPE		cpe:2.3:a:zscaler:zscaler_internet_access_admin_portal::::::::
References	~~() https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576 -~~	() https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576 - Release Notes, Vendor Advisory
CWE		NVD-CWE-noinfo

23 Feb 2026, 18:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-02-23 17:23

Updated : 2026-02-26 16:43

NVD link : CVE-2026-22568

Mitre link : CVE-2026-22568

CVE.ORG link : CVE-2026-22568

JSON object : View

Products Affected

zscaler_internet_access_admin_portal

CWE

CWE-20

Improper Input Validation

NVD-CWE-noinfo

{"id": "CVE-2026-22568", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2026-02-23T17:23:29.073", "references": [{"url": "https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576", "tags": ["Release Notes", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de elementos especiales en la entrada proporcionada por el usuario dentro de la IU de administraci\u00f3n de ZIA podr\u00eda permitir a un administrador autenticado acceder o recuperar informaci\u00f3n interna no autorizada en raras condiciones."}], "lastModified": "2026-02-26T16:43:14.953", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:zscaler_internet_access_admin_portal:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D167C381-5347-49C9-B7BF-E34DF00D02D2", "versionEndExcluding": "6.2r"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}