Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.

Description

Affected Products

Vendor	Product	Versions
zscaler	zscaler_internet_access_admin_portal	< 6.2r

References

https://help.zscaler.com/zia/release-upgrade-summary-2025?applicable_category=zscalertwo.net&deployment_date=2025-12-17&id=1538575(Release Notes, Vendor Advisory)

CVSS 3.17.6 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

CISA KEV❌ No

Actively exploited❌ No

Patch available

6.2r

CWECWE-20

PublishedFeb 23, 2026

Last enriched5d ago

Trending Score0

Source articles0

Independent0

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.

Description

Affected Products

References

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline