CVE-2026-22567
Published: 23 February 2026
Summary
CVE-2026-22567 is a high-severity Improper Input Validation (CWE-20) vulnerability in the Zscaler Internet Access (ZIA) Admin Portal. Its CVSS v3.1 base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 24.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).
Deeper analysis
CVE-2026-22567 is an improper validation of user-supplied input vulnerability (CWE-20) in the ZIA Admin UI of Zscaler Internet Access (ZIA). Published on 2026-02-23, it enables an authenticated administrator to initiate backend functions through specific input fields in limited scenarios. The issue carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality impact with a changed scope.
Exploitation requires an authenticated administrator with high privileges (PR:H) to submit malicious input to the ZIA Admin UI over the network; no user interaction is needed (UI:N) and attack complexity is low (AC:L). A successful attack lets the adversary trigger backend functions they are not authorized to use, with high confidentiality impact (C:H), such as access to sensitive data, low integrity impact (I:L) and no availability impact (A:N).
Zscaler's advisory on mitigation is detailed in their release upgrade summary at https://help.zscaler.com/zia/release-upgrade-summary-2025?applicable_category=zscalertwo.net&deployment_date=2025-12-17&id=1538575.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-7563
Vulnerability details
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
- CWE(s): CWE-20 (Improper Input Validation)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The flaw sits in a network-accessible web admin UI and lets an authenticated high-privilege user trigger unauthorized backend functions through crafted input, which is exploitation of a public-facing application (T1190). Because the vector requires high privileges (PR:H), the realistic actor is a malicious or compromised administrator account rather than an unauthenticated remote attacker.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly addresses the improper validation of user-supplied input in the ZIA Admin UI by requiring explicit checks on every input field, so that field values cannot be turned into calls to unintended backend functions.
- AC-3 (Access Enforcement): enforces authorization on the backend functions themselves, so that an authenticated administrator cannot execute functions they are not entitled to merely by manipulating UI inputs.
- AC-6 (Least Privilege): limits high-privilege administrators to the privileges they actually need, reducing the set of backend functions that can be abusively triggered through input fields.
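The advisory does not describe the actual ZIA Admin UI fields or backend, so the following is a hypothetical example written for this page (not Zscaler's code) of the bug class and of what SI-10 and AC-3 look like in a request handler. The form field names, backend functions, roles and tenant names are invented. The vulnerable handler uses a submitted field value to select a backend function; the hardened one validates each field against an allow-list or pattern (SI-10) and has the backend enforce a role requirement itself, independently of which UI path reached it (AC-3).

```python
"""Hypothetical admin-UI export handler: vulnerable vs hardened.

Added illustration of CWE-20 in a web admin UI and of the SI-10 / AC-3
controls. Functions, field names, roles and tenants are invented for the
example; none of this reproduces the real ZIA Admin UI.
"""
import re
from dataclasses import dataclass


class AuthorizationError(PermissionError):
    """Backend refused a call, regardless of which UI path produced it."""


@dataclass(frozen=True)
class Session:
    user: str
    roles: frozenset


# Backend functions (hypothetical). The first two are meant to be reachable
# from the UI's export form; the third is an internal support routine.
def export_policy_summary(session: Session, tenant: str) -> str:
    return f"policy-summary:{tenant}"


def export_audit_log(session: Session, tenant: str) -> str:
    return f"audit-log:{tenant}"


def dump_tenant_secrets(session: Session, tenant: str) -> str:
    return f"secrets:{tenant}"


# Name-keyed registry of every backend function, as UI frameworks often keep.
BACKEND = {f.__name__: f for f in
           (export_policy_summary, export_audit_log, dump_tenant_secrets)}


def vulnerable_export(session: Session, form: dict) -> str:
    """CWE-20: the 'report' field is used verbatim to pick the backend function.

    The drop-down offers two report types, but the server trusts the submitted
    string, so an authenticated admin can name any registry entry and reach a
    function the UI never exposes. The 'tenant' field is not checked either.
    """
    return BACKEND[form["report"]](session, form["tenant"])


# SI-10: validate every field against an explicit allow-list or pattern, and map
# the validated value to a function instead of treating it as a function name.
EXPORTS = {"policy_summary": export_policy_summary,
           "audit_log": export_audit_log}
TENANT_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")

# AC-3: the role each backend function requires, enforced in the backend at the
# call site, so the decision does not depend on which UI path reached it.
REQUIRED_ROLE = {export_policy_summary: "admin",
                 export_audit_log: "admin",
                 dump_tenant_secrets: "support_engineer"}


def call_backend(session: Session, fn, *args) -> str:
    role = REQUIRED_ROLE[fn]
    if role not in session.roles:
        raise AuthorizationError(f"{fn.__name__} requires role {role!r}")
    return fn(session, *args)


def hardened_export(session: Session, form: dict) -> str:
    report = form.get("report")
    tenant = form.get("tenant", "")
    if report not in EXPORTS:
        raise ValueError(f"unsupported report type {report!r}")
    if not TENANT_RE.fullmatch(tenant):
        raise ValueError("tenant must be a lowercase DNS-style label")
    return call_backend(session, EXPORTS[report], tenant)


def outcomes() -> dict:
    """Run constructed submissions through both handlers; return what each did."""
    admin = Session("alice", frozenset({"admin"}))
    support = Session("svc-support", frozenset({"support_engineer"}))
    crafted = {"report": "dump_tenant_secrets", "tenant": "acme"}  # constructed
    normal = {"report": "audit_log", "tenant": "acme"}              # constructed
    bad_tenant = {"report": "audit_log", "tenant": "../etc"}        # constructed

    def attempt(fn, *args):
        try:
            return fn(*args)
        except (ValueError, AuthorizationError, KeyError) as e:
            return type(e).__name__

    return {
        "vulnerable_crafted": attempt(vulnerable_export, admin, crafted),
        "hardened_crafted": attempt(hardened_export, admin, crafted),
        "hardened_normal": attempt(hardened_export, admin, normal),
        "hardened_bad_tenant": attempt(hardened_export, admin, bad_tenant),
        # Even if another code path reaches the internal function, AC-3 holds.
        "backend_admin_direct": attempt(call_backend, admin, dump_tenant_secrets, "acme"),
        "backend_support_direct": attempt(call_backend, support, dump_tenant_secrets, "acme"),
    }


if __name__ == "__main__":
    for name, result in outcomes().items():
        print(f"{name:24} {result}")
```

The two controls are deliberately separate layers: SI-10 stops the crafted field value at the UI boundary, while AC-3 makes the backend refuse the internal function for an admin session even when called directly, so a second input-handling bug elsewhere would not reopen the same data.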