CVE-2021-26737: 
Zscaler Client Connector vulnerability analysis and mitigation

CVE-2021-26737 affects the Zscaler Client Connector for macOS versions prior to 3.6. The vulnerability was identified as an origin validation error (CWE-346) that could allow a local adversary without sufficient privileges to exploit a race condition and shutdown the Zscaler tunnel (NVD).

The vulnerability is classified as a race condition issue in the RPC client validation process. It has been assigned a CVSS v3.1 Base Score of 4.7 (Medium) by NIST with the vector string CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, while Zscaler assessed it with a slightly higher score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (NVD).

The vulnerability affects the availability of the Zscaler tunnel service. When successfully exploited, an attacker with local access but limited privileges could cause a denial of service by shutting down the Zscaler tunnel (NVD).

The vulnerability has been fixed in Zscaler Client Connector version 3.6 for macOS. Users are advised to upgrade to this version or later to address the security issue (NVD).