Cve20207796 Zimbra Collaboration Suite [repack] Full Now

While the vulnerability was first identified in 2020, it remains a major threat. , citing active exploitation in the wild. Organizations were given a due date of March 10, 2026, to apply mitigations. Affected Versions

In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits. Current Threat Status cve20207796 zimbra collaboration suite full

A successful exploit can lead to serious consequences, including: While the vulnerability was first identified in 2020,

Insufficient validation of user-supplied URLs within a Zimbra application component. Technical Impact Affected Versions In some scenarios, it may be

If immediate patching is impossible, ensure that the WebEx Zimlet JSP functionality is disabled unless strictly necessary.

Upgrade to Zimbra Collaboration 8.8.15 Patch 7 or later . This version contains the necessary security fixes for this SSRF flaw.

The vulnerability is specifically linked to the WebEx Zimlet ( com_zimbra_webex ) when the Zimlet JSP functionality is enabled.