CVE-2026-22569
Startup Configuration Flaw in Zscaler Client Connector Causes Traffic Inspection Bypass
Publication date: 2026-03-31
Last updated on: 2026-04-06
Assigner: Zscaler, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zscaler | client_connector | From 4.7 (inclusive) to 4.7.0.141 (exclusive) |
| zscaler | client_connector | From 4.8 (inclusive) to 4.8.0.63 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1289 | The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is caused by an incorrect startup configuration in certain versions of the Zscaler Client Connector on Windows. Under rare circumstances, this misconfiguration may result in a limited amount of network traffic not being inspected as intended.
How can this vulnerability impact me?
Because some traffic may bypass inspection due to this vulnerability, there is a risk that malicious or unauthorized data could pass through without detection. This could potentially lead to security risks such as data leakage or exposure to threats that would normally be blocked or monitored.