Vulnerability in Synacor Zimbra Collaboration (July 7, 2026)
A vulnerability has been discovered in Synacor Zimbra Collaboration. It allows an attacker to cause a remote indirect code injection (XSS).
CSIRTS triage
- What
- A vulnerability allows remote indirect code injection (XSS).
- Who is affected
- Users of Synacor Zimbra Collaboration are affected.
- Urgency
- The urgency is unclear due to the unknown severity of the vulnerability.
- Action
- Monitor for updates and apply patches as they become available.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Zimbra Collaboration
Get an email when a new Zimbra Collaboration advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0844/
Recent advisories for Synacor Zimbra Collaboration
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- criticalexploitedCVE-2025-48700: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerabilitycisa-kev · 2026-04-20
- criticalexploitedCVE-2025-66376: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting Vulnerabilitycisa-kev · 2026-03-18
- criticalexploitedCVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerabilitycisa-kev · 2026-02-17
- criticalexploitedCVE-2025-68645: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerabilitycisa-kev · 2026-01-22
- criticalexploitedCVE-2025-27915: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerabilitycisa-kev · 2025-10-07
- criticalexploitedCVE-2019-9621: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerabilitycisa-kev · 2025-07-07
More from CERT-FR Avis de sécurité
- unknownMultiple vulnerabilities in Red Hat Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Ubuntu Linux kernel (July 10, 2026)2026-07-10
- unknownMultiple vulnerabilities in Progress MOVEit Transfer (July 10, 2026)2026-07-10
- unknownVulnerability in NetApp ONTAP 9 (July 10, 2026)2026-07-10
- unknownVulnerability in CPython (July 10, 2026)2026-07-10