Cve20207796 Zimbra Collaboration Suite Full [top] Jun 2026

The Support Engineer’s Last Day

In some scenarios, it may be possible to steal login credentials or inject malware through chained exploits. Current Threat Status cve20207796 zimbra collaboration suite full

CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability in the Synacor Zimbra Collaboration Suite (ZCS) that allows unauthenticated remote attackers to force the server to send HTTP requests to arbitrary internal or external destinations. Rated with a CVSS score of 9.8 , this flaw recently gained renewed attention after being added to CISA's Known Exploited Vulnerabilities (KEV) Catalog in February 2026 due to active exploitation in the wild. Technical Overview The Support Engineer’s Last Day In some scenarios,

Potential for further exploitation or pivoting within the network. National Institute of Standards and Technology (.gov) Technical Analysis The flaw exists within a specific component of the suite: Trigger Component: WebEx zimlet Root Cause: Insufficient validation of user-supplied input when the zimlet JSP (Jakarta Server Pages) functionality is enabled. Exploitation: or social engineering.

The link is sent to a Zimbra user via email, chat, or social engineering.