Hello
Just a reminder that because AI is getting quicker and better at discovering Linux vulnerabilities, it is essential that your app connectors be patched as soon as possible.
1) it’s always good to limit network access to your app connectors. They only need to be able to make outbound traffic requests. Any inbound access rules should be limited to the minimum (e.g. from Cyberark VMs or your dedicated SSH box)
2) review and delete any non-essential accounts to minimise the exposure to privilege escalation attacks
3) Make sure that Zscaler software version, Zscaler manager software version as well as OS version are all updated.
4) Consider enabling the new Managed software/Manage OS updates feature from Zscaler. Please note that these two features are still in Limited Availability status.
If you have a lot of app connectors, consider automation tools like Ansible or Terraform (Captain Obvious strikes again, k’boom!)
Here’s a really nice entry on the recent Copy Fail vulnerability:
https://www.microsoft.com/en-us/security/blog/2026/05/01/cve-2026-31431-copy-fail-vulnerability-enables-linux-root-privilege-escalation/
My name is Tomek De Wille. Welcome to my blog about Zscaler 