PT-2026-26613 · Zimbra · Zimbra Collaboration

Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-33369

CVSS v3.1: 4.3 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration (ZCS) versions 10.0 and 10.1

Description

Zimbra Collaboration (ZCS) contains an LDAP injection flaw in the Mailbox SOAP service during a FolderAction operation. The application does not adequately sanitize user-provided input before using it in an LDAP search filter. An authenticated attacker can exploit this by sending a specially crafted SOAP request to manipulate the LDAP query, potentially gaining access to sensitive directory attributes.

Recommendations

Versions prior to 10.0 and 10.1 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
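
The description attributes the flaw to user input reaching an LDAP search filter without sanitization. The following added example (not Zimbra's code and not its fix; the attribute name `folderOwnerId`, the sample value and all function names are hypothetical) contrasts that pattern with RFC 4515 value escaping and checks that the escaped value remains a single filter assertion.

```python
# Added illustration, not Zimbra code. "folderOwnerId" and every function
# name here are hypothetical.

# RFC 4515 section 3: these characters must appear as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(attr: str, value: str) -> str:
    """The flawed pattern: user input concatenated into the filter verbatim."""
    return f"({attr}={value})"


def build_filter_safe(attr: str, value: str) -> str:
    """Same filter, with the value escaped so it stays one assertion."""
    return f"({attr}={escape_filter_value(value)})"


def count_filter_items(ldap_filter: str) -> int:
    """Count unescaped '(' characters, i.e. filter items the server would parse."""
    count, i = 0, 0
    while i < len(ldap_filter):
        if ldap_filter[i] == "\\":
            i += 3  # skip a complete \XX escape sequence
            continue
        if ldap_filter[i] == "(":
            count += 1
        i += 1
    return count


# Constructed sample value containing filter metacharacters.
SAMPLE_VALUE = "id-1)(cn=*"

if __name__ == "__main__":
    for build in (build_filter_unsafe, build_filter_safe):
        built = build("folderOwnerId", SAMPLE_VALUE)
        print(f"{build.__name__}: {built} -> {count_filter_items(built)} item(s)")
```

Escaping `*` matters as much as the parentheses: an unescaped asterisk turns an equality match into a substring or presence match without adding any filter item.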

RCE

Weakness Enumeration

Related Identifiers: CVE-2026-33369

Affected Products: Zimbra Collaboration