{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-22569", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "state": "PUBLISHED", "assignerShortName": "Zscaler", "dateReserved": "2026-01-07T15:52:48.033Z", "datePublished": "2026-03-31T14:54:57.241Z", "dateUpdated": "2026-03-31T17:24:13.723Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2026-03-31T14:54:57.241Z"}, "title": "Incorrect startup configuration in ZCC", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-1289", "description": "CWE-1289 Improper validation of unsafe equivalence in input", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "affected": [{"vendor": "Zscaler", "product": "Zscaler Client Connector", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "4.7", "lessThan": "4.7.0.141", "versionType": "custom"}, {"status": "affected", "version": "4.8", "lessThan": "4.8.0.63", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."}]}], "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}}], "credits": [{"lang": "en", "value": "Jordan Eberst, CISA", "type": "reporter"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T17:24:02.173979Z", "id": "CVE-2026-22569", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:24:13.723Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-22569", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T17:24:02.173979Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T17:24:07.836Z"}}], "cna": {"title": "Incorrect startup configuration in ZCC", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Jordan Eberst, CISA"}], "impacts": [{"capecId": "CAPEC-554", "descriptions": [{"lang": "en", "value": "CAPEC-554 Functionality Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zscaler", "product": "Zscaler Client Connector", "versions": [{"status": "affected", "version": "4.7", "lessThan": "4.7.0.141", "versionType": "custom"}, {"status": "affected", "version": "4.8", "lessThan": "4.8.0.63", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "references": [{"url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.", "supportingMedia": [{"type": "text/html", "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1289", "description": "CWE-1289 Improper validation of unsafe equivalence in input"}]}], "providerMetadata": {"orgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "shortName": "Zscaler", "dateUpdated": "2026-03-31T14:54:57.241Z"}}}, "cveMetadata": {"cveId": "CVE-2026-22569", "state": "PUBLISHED", "dateUpdated": "2026-03-31T17:24:13.723Z", "dateReserved": "2026-01-07T15:52:48.033Z", "assignerOrgId": "73c6f63b-efac-410d-a0a9-569700f85a04", "datePublished": "2026-03-31T14:54:57.241Z", "assignerShortName": "Zscaler"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "matchCriteriaId": "F80D78F6-5D49-4B31-B1A3-571B691A6D04", "versionEndExcluding": "4.7.0.141", "versionStartIncluding": "4.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*", "matchCriteriaId": "B8E631B3-6CBF-4BED-A2AB-2F92B5DF0736", "versionEndExcluding": "4.8.0.63", "versionStartIncluding": "4.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances."}], "id": "CVE-2026-22569", "lastModified": "2026-04-06T15:15:09.750", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "cve@zscaler.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-31T16:16:28.993", "references": [{"source": "cve@zscaler.com", "tags": ["Vendor Advisory"], "url": "https://help.zscaler.com/zscaler-client-connector/client-connector-app-release-summary-2025"}], "sourceIdentifier": "cve@zscaler.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1289"}], "source": "cve@zscaler.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[4.7,4.7.0.141)"}}, {"platform": ["windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[4.8,4.8.0.63)"}}], "enrichment": {"confidence": 86.0, "confidence_source": "matching", "scores": [{"score": 86.0, "source": "matching"}]}, "original": {"product": "Zscaler Client Connector", "source": "cna", "vendor": "Zscaler"}, "product": "client_connector", "vendor": "zscaler"}], "analysis": {"en": {"generated_at": "2026-04-06T17:30:15.795015+00:00", "value": {"mitigation_remediation": ["Verify that the Zscaler Client Connector is starting with the correct configuration settings.", "Check for and apply any vendor\u2011supplied updates or patches for the Client Connector on Windows.", "Monitor network traffic for any portions that might bypass inspection to confirm resolution."], "summary": {"action": "Assess Impact", "impact": "Reduced traffic inspection potentially allowing malicious traffic to bypass security controls"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Zscaler Client Connector while running on Windows operating systems. Specific product versions are not listed in the supplied data, so all currently installed Windows builds of Zscaler Client Connector may potentially be impacted.", "description_and_impact": "An incorrect startup configuration in certain versions of the Zscaler Client Connector on Windows can lead to a limited amount of traffic not being inspected. This weakness, identified as CWE-1289, results in a partial loss of visibility into network traffic, which could enable malicious data to travel through the network without detection.", "risk_and_exploitability": "The CVSS score of 5.4 indicates a moderate severity, but the EPSS score of less than 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The issue likely requires the client to start with the wrong configuration, a condition that occurs only rarely according to the vendor. No known public exploitation exists at this time, suggesting the risk to organizations remains low but not negligible."}}}}, "created": "2026-03-31T19:54:17.402124+00:00", "updated": "2026-04-07T08:08:04.356325+00:00", "vendors": ["zscaler", "zscaler$PRODUCT$client_connector"]}