CSRF Vulnerability in Zimbra Collaboration by Zimbra
CVE-2026-33372
What is CVE-2026-33372?
A vulnerability exists in Zimbra Collaboration (ZCS) versions 10.0 and 10.1 that permits cross-site request forgery (CSRF) attacks due to incorrect validation of CSRF tokens. The application mistakenly accepts CSRF tokens received in the request body rather than enforcing their presence in the required request header. An attacker can exploit this flaw by deceiving an authenticated user into executing a malicious request, which could result in unauthorized actions being taken on the user's behalf. It is crucial for administrators and users of Zimbra Collaboration to implement security measures to address this vulnerability.
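The difference between a check that falls back to a body token and one that enforces the header, as an added example (not Zimbra's code). The header name, body field name, server key and HMAC-based token scheme are assumptions chosen for illustration, and the sample requests are constructed.

```python
import hashlib
import hmac

CSRF_HEADER = "x-csrf-token"          # hypothetical header name (assumption)
CSRF_FIELD = "csrf_token"             # hypothetical body field name (assumption)
SERVER_KEY = b"constructed-demo-key"  # constructed sample key


def issue_token(session_id: str) -> str:
    """Derive a token bound to one session (illustrative scheme)."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def _matches(session_id: str, candidate) -> bool:
    """Constant-time comparison; missing or non-string candidates fail."""
    if not isinstance(candidate, str) or not candidate:
        return False
    expected = issue_token(session_id).encode()
    return hmac.compare_digest(expected, candidate.encode())


def _header_token(headers: dict):
    # HTTP header names are case-insensitive, so normalise before lookup.
    return {k.lower(): v for k, v in headers.items()}.get(CSRF_HEADER)


def validate_lenient(session_id: str, headers: dict, body: dict) -> bool:
    """Flawed pattern: a token in the request body is accepted as a fallback."""
    return _matches(session_id, _header_token(headers) or body.get(CSRF_FIELD))


def validate_strict(session_id: str, headers: dict, body: dict) -> bool:
    """Enforced pattern: the request header is the only accepted token source."""
    return _matches(session_id, _header_token(headers))


def body_only_passes(session_id: str, requests: list) -> list:
    """Indexes of requests that pass only because of the body fallback."""
    return [i for i, (h, b) in enumerate(requests)
            if validate_lenient(session_id, h, b)
            and not validate_strict(session_id, h, b)]


if __name__ == "__main__":
    sid = "sess-1"                    # constructed session id
    tok = issue_token(sid)
    sample = [({"X-CSRF-Token": tok}, {}),   # token in header
              ({}, {"csrf_token": tok}),     # token only in body
              ({}, {})]                      # no token at all
    print(body_only_passes(sid, sample))
```

Running `body_only_passes` over replayed or logged requests shows which ones a header-only check would start rejecting.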

