PatchSiren cyber security CVE debrief
CVE-2026-22569 Zscaler CVE debrief
The Zscaler Client Connector versions 4.7 and 4.8 on Microsoft Windows contain a vulnerability where a domain is misspelled and added to an internal bypass list by default. This could lead to a limited amount of traffic not being inspected under specific circumstances. The issue was fixed in versions 4.7.0.141 and 4.8.0.63. According to the CVSS score of 6.5, the severity is classified as MEDIUM. The vulnerability was published on April 2, 2026, and last modified on April 23, 2026.
- Vendor: Zscaler
- Product: Unknown
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-04-02
- Original CVE updated: 2026-04-23
- Advisory published: 2026-04-02
- Advisory updated: 2026-04-23
Who should care
Security teams and administrators responsible for managing Zscaler Client Connector installations, particularly those using versions 4.7 and 4.8 on Microsoft Windows, should be aware of this vulnerability. Given the MEDIUM severity and potential for traffic not to be inspected, ensuring timely application of the provided fixes is crucial. This involves reviewing current installations and applying updates to prevent potential exploitation.
Technical summary
The Zscaler Client Connector for Microsoft Windows, in versions 4.7 and 4.8, includes a misspelled domain in its internal bypass list by default. This misspelling could result in limited traffic not being inspected under certain conditions, potentially exposing networks to unmonitored traffic. The vulnerability, tracked as CVE-2026-22569, has been addressed with the release of versions 4.7.0.141 and 4.8.0.63. The Common Vulnerability Scoring System (CVSS) version 3.1 score is 6.5, categorizing the severity as MEDIUM. The vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating Network attack vector with Low attack complexity and No privileges required.
Defensive priority
Applying the vendor-provided fixes in versions 4.7.0.141 and 4.8.0.63 is of high priority due to the potential for traffic to bypass inspection. Security teams should inventory their systems, identify instances of the vulnerable software, and apply the updates as soon as possible.
Recommended defensive actions
- Inventory Zscaler Client Connector installations to identify those running versions 4.7 and 4.8.
- Apply the vendor-provided fixes in versions 4.7.0.141 and 4.8.0.63.
- Review network configurations to ensure that compensating controls are in place for traffic that may not be inspected.
- Monitor network traffic for anomalies that could indicate exploitation.
- Update incident response plans to include scenarios involving potential bypass of traffic inspection.
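As an added example (not code from Zscaler, CISA or the original page), the inventory step above can be scripted against an asset export. The CSV column names and sample hosts are constructed; the fixed builds 4.7.0.141 and 4.8.0.63 are the ones stated in this debrief. Versions are compared numerically because a plain string comparison would rank 4.7.0.88 above 4.7.0.141.

```python
import csv
import io

# Fixed builds from the advisory, keyed by affected release branch.
FIXED_BUILDS = {(4, 7): (4, 7, 0, 141), (4, 8): (4, 8, 0, 63)}

# Constructed sample export; column names are assumptions for this example.
SAMPLE_INVENTORY = """host,os,zcc_version
WS-001,Windows,4.7.0.88
WS-002,Windows,4.7.0.141
WS-003,Windows,4.8.0.9
WS-004,Windows,4.8.0.63
WS-005,Windows,4.6.0.200
WS-006,macOS,4.7.0.88
WS-007,Windows,unknown
"""


def parse_version(text):
    """Return a dotted-numeric version as a tuple of ints, else None."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Classify one Client Connector version against the fixed builds."""
    version = parse_version(version_text)
    if version is None:
        return "unparsed"      # needs manual follow-up
    fixed = FIXED_BUILDS.get(version[:2])
    if fixed is None:
        return "not-listed"    # branch not named as affected in this debrief
    # Tuple comparison is numeric per component: (4,7,0,88) < (4,7,0,141).
    return "fixed" if version >= fixed else "vulnerable"


def triage(csv_text):
    """Map each host to a status; the CVE applies to Windows only."""
    results = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["os"].strip().lower() != "windows":
            results[row["host"]] = "out-of-scope"
        else:
            results[row["host"]] = classify(row["zcc_version"])
    return results


if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unparsed` should be checked by hand rather than assumed patched.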
Evidence notes
The information provided is based on the CVE record and the CISA CSAF advisory. The CVE was published on April 2, 2026, and modified on April 23, 2026. The advisory from CISA provides detailed information about the affected products and the fixes provided by Zscaler.
Official resources
- CVE-2026-22569 CVE record (CVE.org)
- CVE-2026-22569 NVD detail (NVD)
- Source item URL (cisa_csaf)
- Source reference (Reference)
This article is AI-assisted and based on the supplied source corpus.