CVE-2026-33371 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS)…
Medium CVSS: 4.3

CVE-2026-33371

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server.
Vendor
Synacor
Product
Zimbra Collaboration Suite
CWE
CWE-611
Yayın Tarihi
2026-03-20 14:16:16
Güncelleme
2026-04-01 15:35:47
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-611 Zimbra Collaboration Suite MEDIUM Synacor 2026

Referanslar

https://wiki.zimbra.com/wiki/Security_Center https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories