Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.7
ZIA Admin UI allows unauthorized backend function execution
CVE-2026-22567
Summary
An authenticated administrator can exploit a security weakness in the ZIA Admin UI, allowing them to access and execute backend functions they shouldn't be able to. This could potentially lead to unauthorized changes or data exposure. Update to the latest version of ZIA to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| zscaler | zscaler_internet_access_admin_portal | <= 6.2r | – |
Original title
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
Original description
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
nvd CVSS3.1
2.7
Vulnerability type
CWE-20
Improper Input Validation
- https://help.zscaler.com/zia/release-upgrade-summary-2025?applicable_category=zs... Release Notes Vendor Advisory
Published: 23 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026