{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22568", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2026-01-07T15:52:48.033Z", "datePublished": "2026-02-23T16:12:52.917Z", "dateUpdated": "2026-02-23T18:47:28.205Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ZIA Admin UI", "vendor": "Zscaler", "versions": [{"lessThan": "6.2r", "status": "affected", "version": "6.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Andrew Allen Hess on behalf of Cyber Defense Team (Deutsche B\u00f6rse Group)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions."}], "value": "Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions."}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2026-02-23T16:12:52.917Z"}, "references": [{"url": "https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576"}], "source": {"discovery": "UNKNOWN"}, "title": "Unauthorized information retrieval in ZIA Admin UI", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T18:46:07.564440Z", "id": "CVE-2026-22568", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:47:28.205Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22568", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T18:46:07.564440Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T18:47:21.196Z"}}], "cna": {"title": "Unauthorized information retrieval in ZIA Admin UI", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Andrew Allen Hess on behalf of Cyber Defense Team (Deutsche B\u00f6rse Group)"}], "impacts": [{"capecId": "CAPEC-54", "descriptions": [{"lang": "en", "value": "CAPEC-54 Query System for Information"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zscaler", "product": "ZIA Admin UI", "versions": [{"status": "affected", "version": "6.2", "lessThan": "6.2r", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.", "supportingMedia": [{"type": "text/html", "value": "Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2026-02-23T16:12:52.917Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22568", "state": "PUBLISHED", "dateUpdated": "2026-02-23T18:47:28.205Z", "dateReserved": "2026-01-07T15:52:48.033Z", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "datePublished": "2026-02-23T16:12:52.917Z", "assignerShortName": "Zscaler"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:zscaler_internet_access_admin_portal:*:*:*:*:*:*:*:*", "matchCriteriaId": "D167C381-5347-49C9-B7BF-E34DF00D02D2", "versionEndExcluding": "6.2r", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de elementos especiales en la entrada proporcionada por el usuario dentro de la IU de administraci\u00f3n de ZIA podr\u00eda permitir a un administrador autenticado acceder o recuperar informaci\u00f3n interna no autorizada en raras condiciones."}], "id": "CVE-2026-22568", "lastModified": "2026-02-26T16:43:14.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "cve@zscaler.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-23T17:23:29.073", "references": [{"source": "cve@zscaler.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://help.zscaler.com/zia/release-upgrade-summary-2026?applicable_category=zscaler.net&deployment_date=2026-02-12&id=1538576"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "cve@zscaler.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[6.2,6.2r)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "ZIA Admin UI", "source": "cna", "vendor": "Zscaler"}, "product": "zia_admin_ui", "vendor": "zscaler"}], "analysis": {"en": {"generated_at": "2026-04-18T11:03:48.039384+00:00", "value": {"mitigation_remediation": ["Apply the latest Zscaler ZIA Admin UI patch or upgrade to a release from 2026\u201102\u201112 or later, as documented in the vendor advisory.", "Restrict administrative access by limiting the number of privileged accounts and enforcing least\u2011privilege policies.", "Review audit logs for unusual data retrieval activity and consider disabling the affected UI features for non\u2011essential users."], "summary": {"action": "Patch Now", "impact": "Unauthorized internal information disclosure"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Zscaler ZIA Admin UI. No specific version numbers are listed, but the vendor advisory recommends applying the latest update released on 2026\u201102\u201112 or later.", "description_and_impact": "An authenticated administrator can, under rare conditions, retrieve internal data that should not be accessible. The flaw arises from improper handling of special characters in user input within the Admin UI, leading to an information disclosure vulnerability. The associated weakness is input validation failure (CWE\u201120). As a result, confidentiality of internal data may be compromised for those with administrative access.", "risk_and_exploitability": "The CVSS base score of 5.5 indicates a moderate severity. The EPSS score of <\u20091% suggests a very low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an authenticated administrator, so the threat is limited to those with privileged access and operates under rare conditions, reducing overall risk but still actionable."}}}}, "created": "2026-02-24T09:55:34.672321+00:00", "updated": "2026-04-18T11:15:35.904397+00:00", "vendors": ["zscaler", "zscaler$PRODUCT$zia_admin_ui"]}