CVE-2026-33369 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application f…
Medium CVSS: 4.3

CVE-2026-33369

Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes.
Vendor
Synacor
Product
Zimbra Collaboration Suite
CWE
CWE-20
Yayın Tarihi
2026-03-20 14:16:16
Güncelleme
2026-04-01 15:36:59
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-20 Zimbra Collaboration Suite MEDIUM Synacor 2026

Referanslar

https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories