PT-2023-12107 · Zscaler · Zscaler Client Connector Installer

Published 2023-10-23 · Updated 2023-10-27 · CVE-2021-26734

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Zscaler Client Connector Installer on Windows versions prior to 3.4.0.124

Description

The issue arises from the improper handling of directory junctions during the uninstallation process of the Zscaler Client Connector Installer on Windows. This could allow a local adversary to delete folders in an elevated context.

Recommendations

For versions prior to 3.4.0.124, update to version 3.4.0.124 or later to resolve the issue. As a temporary workaround, consider restricting access to the uninstallation process to minimize the risk of exploitation.

Fix

Improper Privilege Management

Weakness Enumeration

Related Identifiers

CVE-2021-26734

Affected Products

Zscaler Client Connector Installer