PT-2026-26615 · Zimbra · Zimbra Exchange Web Services

Published: 2026-03-20 · Updated: 2026-03-22 · CVE-2026-33371

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Zimbra Collaboration versions 10.0 through 10.1

Description

An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server. The vulnerability occurs when processing XML data through the SOAP interface.

Recommendations

Versions prior to 10.0 and versions after 10.1 are not affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
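
Added example, not part of the advisory and not Zimbra code: the SOAP specification forbids a Document Type Declaration in a message, so a filter placed in front of the EWS endpoint can refuse any request body whose XML prolog carries a DOCTYPE before it reaches the parser. The function names, verdict strings and the UTF-8/UTF-16-only policy are assumptions of this example.

```python
import codecs
import re

# Assumed policy for this example: only UTF-8/UTF-16 bodies; all else fails closed.
_BOMS = ((codecs.BOM_UTF8, "utf-8"), (codecs.BOM_UTF16_LE, "utf-16-le"),
         (codecs.BOM_UTF16_BE, "utf-16-be"))
_DECL_ENC = re.compile(r"""<\?xml\s[^>]*?\bencoding\s*=\s*["']([\w.\-]+)["']""")
# Items the XML grammar allows ahead of a DOCTYPE: whitespace, comments, PIs.
_MISC = re.compile(r"\s+|<!--.*?-->|<\?.*?\?>", re.S)
_ROOT = re.compile(r"<[A-Za-z_]")

def decode_body(raw: bytes):
    """Decode the way an XML parser would, or return None if we cannot."""
    enc = "utf-8"
    for bom, name in _BOMS:
        if raw.startswith(bom):
            raw, enc = raw[len(bom):], name
            break
    else:  # no BOM: recognise UTF-16 from the encoded leading "<"
        enc = {b"<\x00": "utf-16-le", b"\x00<": "utf-16-be"}.get(raw[:2], enc)
    try:
        text = raw.decode(enc)
    except UnicodeDecodeError:
        return None
    declared = _DECL_ENC.match(text)
    if declared:  # a declaration that disagrees with the bytes is refused
        norm = declared.group(1).lower().replace("-", "").replace("_", "")
        if not norm.startswith("utf8" if enc == "utf-8" else "utf16"):
            return None
    return None if "\x00" in text else text

def check_soap_request(raw: bytes) -> str:
    """Return 'allow', 'reject:doctype' or 'reject:unparseable'."""
    text = decode_body(raw)
    if text is None:
        return "reject:unparseable"
    pos = 0
    while (m := _MISC.match(text, pos)):  # skip XML declaration, comments, PIs
        pos = m.end()
    if text.startswith("<!DOCTYPE", pos):
        return "reject:doctype"
    return "allow" if _ROOT.match(text, pos) else "reject:unparseable"

# Constructed sample bodies, not captured traffic.
ENVELOPE = ('<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
            '<s:Body/></s:Envelope>')
CLEAN = ('<?xml version="1.0" encoding="utf-8"?>\n' + ENVELOPE).encode("utf-8")
WITH_DTD = '<?xml version="1.0"?>\n<!-- c -->\n<!DOCTYPE d [<!ENTITY e "x">]>\n' + ENVELOPE
```

Only the prolog is inspected, so message content that merely mentions a DOCTYPE inside the SOAP body is not flagged, while re-encoded or mislabelled bodies are refused rather than guessed at.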

XXE

Weakness Enumeration

Related Identifiers

CVE-2026-33371

Affected Products

Zimbra Collaboration
Zimbra Exchange Web Services