Zscaler provides transparency around service availability and changes to our customers. Please refer to Zscaler’s service continuity customer notification policy for details.

March 2018

  • Incident:
    SAML Authentication Bypass Vulnerability

    On February 27, 2018, Duo Security released a security advisory detailing a new vulnerability class affecting Security Assertion Markup Language (SAML) based single sign-on (SSO) systems. Due to the way that certain implementations parse SAML Responses, it may be possible for a user with authenticated access to authenticate as an alternate user without knowing their password. As a result, numerous SAML libraries, and the solutions built on those libraries, are exposed to privilege escalation attacks.

    Zscaler has completed an assessment of all systems and has determined that Zscaler Internet Access (ZIA) is not vulnerable. Zscaler Private Access (ZPA) is potentially vulnerable in very specific circumstances. The ZPA enrollment service is not vulnerable, so an attack could not lead to a multi-tenancy attack whereby one user could gain access to the account of a user in a separate company. The ZPA vulnerability is limited to the broker service and is therefore restricted to a user potentially accessing the account of another user within the same company, but only for Active Directory groups/assertions whose identifier is a prefix of another Active Directory group/assertion owned by the attacker. Zscaler has already developed a patch to address this situation and will release it as soon as QA testing has been completed.
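
The prefix condition above follows from the mechanism in Duo's advisory: an XML comment splits an element's text into several nodes, and a parser that reads only the first node returns a prefix of the value. The sketch below is an added example, not Zscaler's or Duo's code; the element name, sample values and function names are constructed for illustration, and it shows the fragile read beside a strict one that rejects such values.

```python
from xml.dom import minidom
from xml.dom.minidom import Node

# Constructed sample values (not real assertions). In SPLIT an XML comment
# breaks the element's text into two text nodes.
PLAIN = "<AttributeValue>finance-readonly</AttributeValue>"
SPLIT = "<AttributeValue>finance<!-- c -->-readonly</AttributeValue>"


def _element(xml):
    return minidom.parseString(xml).documentElement


def first_text_node(xml):
    """Fragile pattern: return only the first child node's text."""
    first = _element(xml).firstChild
    if first is None or first.nodeType != Node.TEXT_NODE:
        return ""
    return first.data


def all_text(xml):
    """Concatenate every direct text node, skipping comments."""
    return "".join(c.data for c in _element(xml).childNodes
                   if c.nodeType == Node.TEXT_NODE)


def is_truncated(xml):
    """True when the fragile read yields a proper prefix of the full value."""
    short, full = first_text_node(xml), all_text(xml)
    return short != full and full.startswith(short)


def strict_text(xml):
    """Hardened pattern: accept a value only if it is one plain text run."""
    for child in _element(xml).childNodes:
        if child.nodeType != Node.TEXT_NODE:
            raise ValueError("unexpected %s node inside identifier" % child.nodeName)
    return all_text(xml)


if __name__ == "__main__":
    for sample in (PLAIN, SPLIT):
        print(first_text_node(sample), all_text(sample), is_truncated(sample))
```

Rejecting the value outright, as `strict_text` does, removes any dependence on how later code reads the element.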

February 2018

  • Incident:
    Reflected XSS vulnerability in Trust Portal

    A reflected XSS vulnerability was recently identified on the Zscaler Trust Portal (Trust.Zscaler.com). The Zscaler Trust Portal is a publicly accessible website and does not host sensitive information. Zscaler would like to thank Pankaj Rane for responsibly disclosing the vulnerability and working with us to ensure that it was properly patched in a timely manner. 

January 2018

  • Incident:
    Meltdown and Spectre Vulnerabilities - Update

    Zscaler has continued its evaluation of the Meltdown and Spectre vulnerabilities and posted its assessment and actions in a pair of blog articles:

    How Zscaler is protecting customers:

    How Zscaler is securing its cloud:

    Action required: If you are running any Zscaler private infrastructure software (ZPA connectors, NSS, VZEN, ZAB), it is your responsibility to update the host OS and hypervisors to prevent exploitation of guest VMs by other VMs or by code running on the host.

  • Incident:
    Meltdown and Spectre Vulnerabilities - initial assessment

    Zscaler is aware and is actively following a new publicly disclosed class of vulnerabilities that affect most modern operating systems and processors. Our initial assessment is that this class of vulnerabilities does not pose a serious risk to our cloud infrastructure or the data that we are securing. 

    As we evaluate Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 & CVE-2017-5715), our top priorities are to keep our cloud running and our customers' data secure, and as such we are taking steps to evaluate and remediate any potential issues caused by these vulnerabilities.

    While the scope of this industry-wide vulnerability includes operating systems and hardware in use in our cloud, the critical elements of our infrastructure do not allow attackers to run exploit code.

    Nevertheless, we have been and will continue to patch our infrastructure as such patches become available. No additional user or customer action is needed. 

May 2017

  • Incident:
    Google Docs Phishing campaign – May 3, 2017

    Update May 4, 2017: We would like to clarify that Zscaler customer data, logs, policy data as well as cloud infrastructure were not impacted by this phishing campaign and do not utilize any Google services or applications.

    An aggressive phishing campaign went viral earlier today, which impacted multiple Google users including enterprise Google deployments. A few Zscaler employees also received these phishing e-mails. The campaign involved an unsuspecting user receiving an email with a Google Doc link from one of their known contacts. If the user clicks on the link and then grants access, their contacts are used to send the same phishing e-mail, with a link, from the impacted user's account.

    The attack involved recently registered squatted domains that hosted the malicious web app. Zscaler implemented blocks for multiple domains tied to this campaign cloud wide within minutes of initial reports. Google was quick to resolve this issue and has posted an official response here.

    If you believe you clicked on such an email, please go to g.co/SecurityCheckup as advised by the Google Security team.

February 2017

  • Incident:
    XSS Vulnerabilities in Admin Portal

    Zscaler has addressed persistent XSS vulnerabilities identified in admin.zscaler[X].net and mobile.zscaler[X].net portals. The post-auth vulnerabilities would have allowed authenticated admin users to inject client-side content into certain admin UI pages which could impact other admin users of the same company. Zscaler would like to thank Alex Haynes for responsibly reporting the issues and working with Zscaler to ensure that they were properly remediated.

January 2017

  • Incident:
    Global cloud issue

    We are investigating an issue with traffic processing on our cloud. We will post additional information on this incident as it is available.

    Update: 1/16/2017 20:06:49 UTC - This incident has been resolved. Please contact Zscaler Support if you have additional questions.

March 2016

  • Incident:
    DROWN Security Advisory

    Researchers recently released details of an attack referred to as DROWN, exploiting a cross-protocol security vulnerability in servers supporting TLS and SSL. DROWN is an acronym for "Decrypting RSA with Obsolete and Weakened eNcryption". The DROWN attack can target all services that leverage TLS based encryption and use the SSLv2 protocol, provided they share the same public key credentials between the two protocols. A successful attack will expose the session key for a captured TLS handshake, allowing attackers to decrypt subsequent client-server communications. The Zscaler cloud is NOT susceptible to the DROWN attack as nodes supporting TLS encryption do not use the SSLv2 protocol.

May 2015

  • Incident:
    Logjam Security Advisory

    Researchers recently released details of an attack referred to as Logjam, which involves a Man-in-the-Middle (MitM) attack against Diffie-Hellman key exchange. Because many servers and clients still support weak 512-bit export-grade cryptography, the researchers have discovered that a successful MitM attack can force a client-server connection to downgrade the level of encryption employed in a TLS connection, which can then be decrypted. The Zscaler cloud is not susceptible to the Logjam attack as nodes supporting TLS encryption do not support DHE_EXPORT ciphers.

January 2015

  • Incident:
    Certain websites getting blocked as Security Risk

    We are investigating an issue related to certain popular websites being blocked due to a security threat.  Our security research team is validating these issues to ascertain if they are false positives. 

    We will post further updates shortly.

    This has been resolved.