Medium severity4.3NVD Advisory· Published Mar 20, 2026· Updated Apr 1, 2026
CVE-2026-33369
CVE-2026-33369
Description
Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*Range: >=10.0.0,<10.1.16
Patches
Vulnerability mechanics
References
4- wiki.zimbra.com/wiki/Security_CenternvdVendor AdvisoryRelease Notes
- wiki.zimbra.com/wiki/Zimbra_Security_AdvisoriesnvdVendor Advisory
- wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16nvdRelease Notes
- wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_PolicynvdProduct
News mentions
0No linked articles in our index yet.