CVE-2021-26736: 
Zscaler Client Connector vulnerability analysis and mitigation

Multiple vulnerabilities were discovered in the Zscaler Client Connector Installer and Uninstaller for Windows versions prior to 3.6. The vulnerability, identified as CVE-2021-26736, allowed execution of binaries from a low privileged path, potentially enabling local adversaries to execute code with SYSTEM privileges (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 7.8 (HIGH) according to NVD's assessment, while Zscaler's assessment rated it at 6.7 (MEDIUM). The vulnerability is associated with CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) by NVD, while Zscaler categorized it under CWE-20 (Improper Input Validation) (NVD).

If exploited, this vulnerability allows a local adversary to execute code with SYSTEM privileges, potentially giving attackers complete control over the affected system. The high-privilege execution capability poses significant risks to system security and data integrity (NVD).

The vulnerability has been patched in Zscaler Client Connector version 3.6 and later. Organizations using affected versions should upgrade to version 3.6 or newer to mitigate this security risk (NVD).