{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-33369", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-23T13:36:25.874Z", "dateReserved": "2026-03-19T00:00:00.000Z", "datePublished": "2026-03-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T14:05:21.155Z"}, "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T13:36:22.516187Z", "id": "CVE-2026-33369", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T13:36:25.874Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-33369", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T13:36:22.516187Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T13:36:03.252Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes"}], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T14:05:21.155Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33369", "state": "PUBLISHED", "dateUpdated": "2026-03-23T13:36:25.874Z", "dateReserved": "2026-03-19T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-20T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8DBE536-EAB0-48FF-A195-C0DB0A7FBCA0", "versionEndExcluding": "10.1.16", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes."}, {"lang": "es", "value": "Zimbra Collaboration (ZCS) 10.0 y 10.1 contiene una vulnerabilidad de inyecci\u00f3n LDAP en el servicio SOAP de Mailbox dentro de una operaci\u00f3n FolderAction. La aplicaci\u00f3n no logra sanear adecuadamente la entrada proporcionada por el usuario antes de incorporarla a un filtro de b\u00fasqueda LDAP. Un atacante autenticado puede explotar este problema enviando una solicitud SOAP manipulada que manipula la consulta LDAP, permitiendo la recuperaci\u00f3n de atributos de directorio sensibles."}], "id": "CVE-2026-33369", "lastModified": "2026-04-01T15:36:59.913", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-20T14:16:16.017", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory", "Release Notes"], "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "tags": ["Release Notes"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "10.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "10.1"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "collaboration", "vendor": "zimbra"}], "analysis": {"en": {"generated_at": "2026-04-02T04:19:34.242686+00:00", "value": {"mitigation_remediation": ["Apply the ZCS patch version 10.1.16 or higher from Zimbra\u2019s Security Advisories", "Verify the patch has been applied by confirming the new version number and testing the SOAP service", "If the system cannot be upgraded immediately, restrict access to the SOAP service to authorized users only using firewall or ACLs", "Monitor logs for anomalous SOAP requests that may indicate exploitation attempts", "Keep the system updated with future security patches"], "summary": {"action": "Patch Immediately", "impact": "Sensitive Attribute Disclosure"}, "threat_synthesis": {"affected_systems": "The flaw affects Zimbra Collaboration Suite 10.0 and 10.1. This includes the ZCS product received from Synacor. Versions prior to 10.0 and later releases beyond 10.1 are not listed as affected in the CNA data.", "description_and_impact": "An LDAP injection flaw exists in the Mailbox SOAP service of Zimbra Collaboration Suite 10.0 and 10.1. The vulnerability allows an authenticated attacker to inject crafted LDAP search filters through a FolderAction SOAP request, enabling the retrieval of sensitive directory attributes. This can lead to confidentiality compromise, exposing user attributes such as email addresses and directory entries that should remain private.", "risk_and_exploitability": "The CVSS base score of 4.3 indicates a moderate impact, while the EPSS score of less than 1% suggests a low likelihood of exploitation in the wild. The attack requires valid authentication, meaning attackers need compromised credentials or privileged access. The vulnerability is not currently listed in the CISA KEV catalog. Despite the limited exploitation window, the ability to expose sensitive directory information warrants prompt remediation."}}}}, "created": "2026-03-20T16:28:01.805944+00:00", "updated": "2026-04-02T07:59:41.615242+00:00", "vendors": ["zimbra", "zimbra$PRODUCT$collaboration"]}