Description
An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.
Published: 2026-03-31
Score: 5.4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Reduced traffic inspection potentially allowing malicious traffic to bypass security controls
Action: Assess Impact
AI Analysis

Impact

An incorrect startup configuration in certain versions of the Zscaler Client Connector on Windows can lead to a limited amount of traffic not being inspected. This weakness, identified as CWE-1289, results in a partial loss of visibility into network traffic, which could enable malicious data to travel through the network without detection.

Affected Systems

The vulnerability affects the Zscaler Client Connector while running on Windows operating systems. Specific product versions are not listed in the supplied data, so all currently installed Windows builds of Zscaler Client Connector may potentially be impacted.

Risk and Exploitability

The CVSS score of 5.4 indicates a moderate severity, but the EPSS score of less than 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The issue likely requires the client to start with the wrong configuration, a condition that occurs only rarely according to the vendor. No known public exploitation exists at this time, suggesting the risk to organizations remains low but not negligible.

Generated by OpenCVE AI on April 6, 2026 at 17:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify that the Zscaler Client Connector is starting with the correct configuration settings.
  • Check for and apply any vendor‑supplied updates or patches for the Client Connector on Windows.
  • Monitor network traffic for any portions that might bypass inspection to confirm resolution.

Generated by OpenCVE AI on April 6, 2026 at 17:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Apr 2026 15:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:windows:*:*

Fri, 03 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Zscaler
Zscaler client Connector
Vendors & Products Zscaler
Zscaler client Connector

Tue, 31 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances.
Title Incorrect startup configuration in ZCC
Weaknesses CWE-1289
References
Metrics cvssV3_1

{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N'}

Subscriptions

Zscaler Client Connector
cve-icon MITRE

Status: PUBLISHED

Assigner: Zscaler

Published:

Updated: 2026-03-31T17:24:13.723Z

Reserved: 2026-01-07T15:52:48.033Z

Link: CVE-2026-22569

cve-icon Vulnrichment

Updated: 2026-03-31T17:24:07.836Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-31T16:16:28.993

Modified: 2026-04-06T15:15:09.750

Link: CVE-2026-22569

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-07T08:08:04Z

Weaknesses