
Zscaler — Vulnerabilities & Security Advisories (43)

Browse all 43 CVE security advisories affecting Zscaler. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22569 | Incorrect startup configuration in ZCC | Zscaler Client Connector | CWE-1289 | 5.4 | Medium | 2026-03-31 |
| CVE-2026-22567 | ZIA Admin UI Input Validation Bug | ZIA Admin UI | CWE-20 | 7.6 | High | 2026-02-23 |
| CVE-2026-22568 | Unauthorized information retrieval in ZIA Admin UI | ZIA Admin UI | CWE-20 | 5.5 | Medium | 2026-02-23 |
| CVE-2025-54983 | Health check port on ZCC allows tunnel bypass | Zscaler Client Connector | CWE-772 | 5.2 | Medium | 2025-11-12 |
| CVE-2025-54982 | SAML 2.0 Public Key Validation Issue | Authentication Server | CWE-347 | 9.6 | Critical | 2025-08-05 |
| CVE-2024-31127 | MacOS Zscaler Client Connector Local Privilege Escalation | Client Connector | CWE-346 | 7.3 | High | 2025-06-04 |
| CVE-2023-28806 | Signature validation error in DLL allows disabling anti-tampering protection | Client Connector | CWE-347 | 5.7 | Medium | 2024-08-06 |
| CVE-2024-23483 | Local Privilege Escalation via lack of input validation | Client Connector | CWE-20 | 7.0 | High | 2024-08-06 |
| CVE-2024-23460 | Incorrect signature validation of package | Client Connector | CWE-347 | 6.4 | Medium | 2024-08-06 |
| CVE-2024-23464 | Zscaler bypass with administrative privileges on Windows | Client Connector | CWE-281 | 7.2 | High | 2024-08-06 |
| CVE-2024-23458 | Local Privilege Escalation on Zscaler Client Connector on Windows | Client Connector | CWE-346 | 7.3 | High | 2024-08-06 |
| CVE-2024-23456 | Signature validation issue leads to Anti-Tampering bypass | Client Connector | CWE-347 | 7.8 | High | 2024-08-06 |
| CVE-2024-23462 | ZCC Mac validinstaller file integrity check missing | Client Connector | CWE-354 | 3.3 | Low | 2024-05-02 |
| CVE-2024-23461 | ZCC macOS Upgrade ZIP Bomb DoS | Client Connector | CWE-354 | 4.2 | Medium | 2024-05-02 |
| CVE-2024-23459 | Multiple Arbitrary Creates/Overwrites by link following | Client Connector | CWE-59 | 7.1 | High | 2024-05-02 |
| CVE-2023-41971 | Windows ZCC Upgrade DoS And Privilege Escalation Through RPC Control | Client Connector | CWE-59 | 5.3 | Medium | 2024-05-02 |
| CVE-2023-41970 | Repair App local code execution with arbitrary privileges | Client Connector | CWE-354 | 6.0 | Medium | 2024-05-02 |
| CVE-2023-28798 | Out-of-bounds write to heap in pacparser | Client Connector | CWE-122 | 6.5 | Medium | 2024-05-02 |
| CVE-2024-23480 | Insecure MacOS code sign check fallback | Client Connector | CWE-347 | 7.5 | High | 2024-05-01 |
| CVE-2024-23457 | Anti-tampering can be disabled with uninstall password enforced | Client Connector | CWE-269 | 7.8 | High | 2024-05-01 |
| CVE-2024-23463 | Anti-Tampering bypass via Repair App functionality | Client Connector | CWE-367 | 8.8 | High | 2024-04-30 |
| CVE-2024-23482 | ZScalerService Local Privilege Escalation | Client Connector | CWE-20 | 7.0 | High | 2024-03-26 |
| CVE-2023-41973 | Lack of input sanitization on Zscaler Client Connector enables arbitrary code execution | Client Connector | CWE-22 | 7.3 | High | 2024-03-26 |
| CVE-2023-41972 | Revert password check incorrect type validation | Client Connector | CWE-280 | 7.3 | High | 2024-03-26 |
| CVE-2023-41969 | ZSATrayManager Arbitrary File Deletion | Client Connector | CWE-61 | 7.3 | High | 2024-03-26 |
| CVE-2023-28807 | Bypass of ZIA domain fronting detection module through evasion technique | ZIA | CWE-295 | 5.1 | Medium | 2024-01-31 |
| CVE-2023-28802 | Disable Zscaler using machine tunnel restart | Client Connector | CWE-354 | 4.9 | Medium | 2023-11-21 |
| CVE-2023-28794 | PAC Files Exposed to Internet Websites | Client Connector | CWE-346 | 4.3 | Medium | 2023-11-06 |
| CVE-2023-28805 | ZCC on Linux privilege escalation | Client Connector | CWE-78 | 6.7 | Medium | 2023-10-23 |
| CVE-2023-28804 | Linux ZCC allows unsigned updates, allowing elevated Code Execution | Client Connector | CWE-347 | 8.2 | High | 2023-10-23 |

This page lists every published CVE security advisory associated with Zscaler. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.