ZScaler Client Connector Data Manipulation Vulnerability
Summary
CERT-Bund published security advisory WID-SEC-2026-0938 disclosing a data manipulation vulnerability in ZScaler Client Connector. Versions prior to 4.8.0.63 and 4.7.0.141 on Windows systems are affected, and the advisory assigns a CVSS Base Score of 5.4 (medium). A remote, anonymous attacker can exploit this flaw to manipulate data.
What changed
CERT-Bund identified a vulnerability in ZScaler Client Connector (formerly Zscaler App/Z App) that allows a remote, unauthenticated attacker to manipulate data. The vulnerability affects Windows systems running versions below 4.8.0.63 and 4.7.0.141. The CVSS Base Score is 5.4 with a Temporal Score of 4.7.
Organizations using ZScaler Client Connector on Windows should immediately update to the patched versions (4.8.0.63 or 4.7.0.141 and above). Mitigation measures are available. No specific compliance deadline was provided in the advisory.
What to do next
- Update ZScaler Client Connector to version 4.8.0.63 or later (or 4.7.0.141 if using that branch)
- Verify all Windows endpoints are running patched versions
- Apply available mitigation measures if immediate patching is not feasible
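The verification step above, as an added example (not part of the advisory or any Zscaler tooling): it classifies versions from an exported endpoint inventory against the two fixed builds, comparing per release branch so that a patched 4.7.0.141 host is not flagged by a plain "< 4.8.0.63" test. The CSV column names, hostnames and the treatment of branches outside 4.7 and 4.8 are assumptions.

```python
# Added example: classify inventoried Client Connector versions per advisory.
import csv
import io

# Fixed builds from the advisory, keyed by (major, minor) release branch.
FIXED_BUILDS = {(4, 7): (4, 7, 0, 141), (4, 8): (4, 8, 0, 63)}


def parse_version(text):
    """Turn '4.8.0.63' into (4, 8, 0, 63); raise ValueError on bad input."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4 or any(p < 0 for p in parts):
        raise ValueError(f"expected four numeric fields, got {text!r}")
    return parts


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unparseable' for one version string."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    branch = version[:2]
    if branch in FIXED_BUILDS:
        return "patched" if version >= FIXED_BUILDS[branch] else "vulnerable"
    # Assumption: branches older than 4.7 have no fixed build and count as
    # vulnerable; branches newer than 4.8 are taken to include the fix.
    return "patched" if branch > max(FIXED_BUILDS) else "vulnerable"


def audit(inventory_csv):
    """Map hostname -> status for a CSV with 'hostname' and 'version' columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: classify(row["version"]) for row in reader}


# Constructed sample inventory (hypothetical hostnames and column names).
SAMPLE_INVENTORY = """hostname,version
ws-001,4.8.0.63
ws-002,4.8.0.12
ws-003,4.7.0.141
ws-004,4.7.0.88
ws-005,4.6.0.200
ws-006,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparseable" need a manual check rather than being counted as patched.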
Source document (simplified)
[WID-SEC-2026-0938] ZScaler Client Connector: Vulnerability allows manipulation of data
- CVSS Base Score: 5.4 (medium)
- CVSS Temporal Score: 4.7 (medium)
- Remote attack: yes
- Date: 31.03.2026
- Last updated: 01.04.2026
- Mitigation: yes
Affected systems
Operating system
- Windows
Product description
Zscaler Client Connector, formerly Zscaler App (Z App), performs security and policy checks on managed endpoints.
Products
31.03.2026
- ZScaler Client Connector <4.8.0.63
- ZScaler Client Connector <4.7.0.141
Attack
A remote, anonymous attacker can exploit a vulnerability in ZScaler Client Connector to manipulate data.