CVE-2026-22567

Severity: High

Published: 23 February 2026
Modified: 26 February 2026
KEV Added: not listed
CVSS Score (v3.1): 7.6 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N)
EPSS Score: 0.0008 (24.3rd percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-22567 is a high-severity Improper Input Validation (CWE-20) vulnerability in the Zscaler Internet Access Admin Portal. Its CVSS base score is 7.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 24.3rd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-3 (Access Enforcement).

Deeper analysis

CVE-2026-22567 is an improper validation of user-supplied input vulnerability (CWE-20) in the ZIA Admin UI of Zscaler Internet Access (ZIA). Published on 2026-02-23, it enables an authenticated administrator to initiate backend functions through specific input fields in limited scenarios. The issue carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N), indicating high severity due to network accessibility, low attack complexity, and significant confidentiality impact with a changed scope.

Exploitation requires an authenticated administrator with high privileges (PR:H) to provide malicious input via the ZIA Admin UI over the network, with no user interaction needed (UI:N) and low complexity (AC:L). Successful attacks allow the adversary to trigger unauthorized backend functions, achieving high confidentiality impact (C:H) such as potential access to sensitive data, low integrity impact (I:L), and no availability disruption (A:N).

Zscaler's advisory on mitigation is detailed in their release upgrade summary at https://help.zscaler.com/zia/release-upgrade-summary-2025?applicable_category=zscalertwo.net&deployment_date=2025-12-17&id=1538575.

Vulnerability details

Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability in the web-based Admin UI allows an authenticated, high-privilege user to trigger unauthorized backend functions via crafted input, which is a direct instance of exploiting a network-accessible application (T1190).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-4755 (shared CWE-20)
CVE-2026-6973 (shared CWE-20)
CVE-2026-23836 (shared CWE-20)
CVE-2025-12275 (shared CWE-20)
CVE-2025-21344 (shared CWE-20)
CVE-2025-43347 (shared CWE-20)
CVE-2026-29143 (shared CWE-20)
CVE-2026-2880 (shared CWE-20)
CVE-2025-1514 (shared CWE-20)
CVE-2026-26063 (shared CWE-20)

Affected Assets

Vendor: Zscaler
Product: Zscaler Internet Access Admin Portal
Affected versions: ≤ 6.2r

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Directly addresses improper validation of user-supplied input in the ZIA Admin UI by requiring comprehensive checks on all inputs to prevent triggering unauthorized backend functions.

Prevent (AC-3, Access Enforcement): Enforces access control policies to restrict authenticated administrators from executing unauthorized backend functions initiated via manipulated inputs.

Prevent: Limits high-privilege administrators to the least privilege necessary, reducing the scope of backend functions that can be abusively triggered through input fields.