PT-2026-26616 · Zimbra · Zimbra Collaboration

Published 2026-03-20 · Updated 2026-03-22 · CVE-2026-33372

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions 10.0 and 10.1

Description: A cross-site request forgery (CSRF) issue was identified in Zimbra Webmail. The application does not properly validate CSRF tokens, accepting them from the request body instead of the expected request header. This allows an attacker to potentially perform unauthorized actions on behalf of an authenticated user by submitting a crafted request.

Recommendations: Update to a newer version that contains a fix for this vulnerability.
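
The token-source check the description refers to, as an added example that is not code from this advisory or from Zimbra: a validator that falls back to the request body is compared with one that accepts the token only from a header, and an audit helper lists requests on which the two disagree. The header name, body field name, function names and sample requests are assumptions constructed for illustration.

```python
import hmac

# Assumed names for this sketch; the advisory does not give the real ones.
CSRF_HEADER = "X-CSRF-Token"
CSRF_BODY_FIELD = "csrf_token"
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _same(a, b):
    """Constant-time comparison of two token strings."""
    return hmac.compare_digest(a.encode(), b.encode())


def header_token(headers):
    """Return the token from the request header (case-insensitive), or None."""
    return next((v for k, v in headers.items() if k.lower() == CSRF_HEADER.lower()), None)


def check_lenient(method, headers, form, session_token):
    """Flawed pattern: a token in the body is accepted when the header is absent."""
    if method not in STATE_CHANGING:
        return True
    supplied = header_token(headers) or form.get(CSRF_BODY_FIELD)
    return bool(supplied) and _same(supplied, session_token)


def check_strict(method, headers, form, session_token):
    """Hardened pattern: the header is the only accepted token source."""
    if method not in STATE_CHANGING:
        return True
    supplied = header_token(headers)
    return bool(supplied) and _same(supplied, session_token)


def audit(requests_seen, session_token):
    """Ids of requests the lenient check accepts but the strict check rejects."""
    return [r["id"] for r in requests_seen
            if check_lenient(r["method"], r["headers"], r["form"], session_token)
            and not check_strict(r["method"], r["headers"], r["form"], session_token)]


# Constructed sample requests (not real traffic).
SESSION_TOKEN = "constructed-token-123"
SAMPLE = [
    {"id": "a", "method": "POST", "headers": {"x-csrf-token": SESSION_TOKEN}, "form": {}},
    {"id": "b", "method": "POST", "headers": {}, "form": {"csrf_token": SESSION_TOKEN}},
    {"id": "c", "method": "POST", "headers": {}, "form": {}},
    {"id": "d", "method": "GET", "headers": {}, "form": {}},
]
```

Running `audit` over replayed request logs after an upgrade is one way to confirm that body-only tokens are no longer accepted.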

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-33372

Affected Products

Zimbra Collaboration