PT-2026-26614 · Zimbra · Zimbra Collaboration

Published: 2026-02-04 · Updated: 2026-03-22 · CVE-2026-33370

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration (ZCS) versions 10.0 and 10.1

Description

A stored cross-site scripting (XSS) issue exists in the Zimbra Briefcase feature because of inadequate sanitization of certain uploaded file types. When a user opens a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript executes within the user’s session. This could allow an attacker to execute arbitrary scripts, potentially resulting in data exfiltration or other unauthorized actions performed as the victim user.

Recommendations

Update to a newer version that contains a fix for this vulnerability.

Fix

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-07902
CVE-2026-33370

Affected Products

Zimbra Collaboration