LDAP Injection Vulnerability in Zimbra Collaboration by Zimbra

CVE-2026-33369

What is CVE-2026-33369?

Zimbra Collaboration versions 10.0 and 10.1 are susceptible to an LDAP injection vulnerability within the Mailbox SOAP service, particularly during a FolderAction operation. The flaw arises from inadequate input sanitization of user-supplied data, allowing an authenticated attacker to craft a malicious SOAP request. This manipulation can alter the underlying LDAP query, potentially exposing sensitive directory attributes that should remain confidential.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References