Zscaler


Products by Zscaler Sorted by Most Security Vulnerabilities since 2018

Zscaler Client Connector: 31 vulnerabilities

Zscaler Proxy: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Zscaler. Last year, in 2025, Zscaler had 2 security vulnerabilities published. Right now, Zscaler is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 2 5.20
2024 11 7.43
2023 18 6.93
2022 0 0.00
2021 3 0.00

It may take a day or so for new Zscaler vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Zscaler Security Vulnerabilities

CVE | Date | Products, followed by the vulnerability title and description

CVE-2025-54983 | Nov 12, 2025 | Client Connector
Zscaler Client Connector 4.6/4.7 HC Port Bypass
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls.

CVE-2024-31127 | Jun 04, 2025 | Client Connector
Privilege Escalation in Zscaler Client Connector <4.2 via Improper Library Verification
An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges.

CVE-2024-23460 | Aug 06, 2024 | Client Connector
Zscaler Client Conn. macOS <4.2: Missing Installer Signature, Local Code Exec
The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2.

CVE-2023-28806 | Aug 06, 2024 | Client Connector
I.S.V in Zscaler Client Connector (Win <4.2.0.190) Enables Tampering
An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190.

CVE-2024-23483 | Aug 06, 2024 | Client Connector
OS Cmd Injection in Zscaler Client Connector <4.2 on macOS (CVE-2024-23483)
An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2.

CVE-2024-23464 | Aug 06, 2024 | Client Connector
Zscaler Client Connector Win <4.2.1: Admin PowerShell can disable ZIA
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1.

CVE-2024-23458 | Aug 06, 2024 | Client Connector
Zscaler Client Connector <4.2.0.190 LPE via Autoupdater Log Copy
While copying individual autoupdater log files, a reparse point check was missing, which could result in crafted attacks, potentially leading to a local privilege escalation. This issue affects Zscaler Client Connector on Windows <4.2.0.190.

CVE-2024-23456 | Aug 06, 2024 | Client Connector
Zscaler Client Connector <4.2.0.190 Anti-tampering Disable Vulnerability
Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enabled.

CVE-2024-3661 | May 06, 2024 | Client Connector
DHCP Client Leak via Classless Static Route (121)
DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

CVE-2023-41970 | May 02, 2024 | Client Connector
Integrity Check Validation Error in Zscaler CConnector <4.1.0.62 Windows
An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code. This issue affects Client Connector on Windows: before 4.1.0.62.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).