XML External Entity Vulnerability in Zimbra Collaboration by Zimbra
CVE-2026-33371
Currently unrated
What is CVE-2026-33371?
An XML External Entity (XXE) vulnerability has been identified in Zimbra Collaboration Suite 10.0 and 10.1, arising from inadequate handling of XML input within the Zimbra Exchange Web Services (EWS) SOAP interface. This vulnerability permits an authenticated attacker to send specially crafted XML data, which is then processed by an XML parser with external entity resolution enabled. Exploiting this flaw can lead to the exposure of sensitive local files stored on the server, posing a significant risk to data integrity and confidentiality.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.