CVE-2026-33371

Source
https://cve.org/CVERecord?id=CVE-2026-33371
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33371.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-33371
Published
2026-03-20T00:00:00Z
Modified
2026-07-08T08:00:09.590790666Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser with external entity resolution enabled. Successful exploitation may allow disclosure of sensitive local files from the server.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33371.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/zimbra/zm-build

Affected ranges

Type
GIT
Repo
https://github.com/zimbra/zm-build
Events
Database specific
{
    "cpe": "cpe:2.3:a:synacor:zimbra_collaboration_suite:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "10.0.0"
        },
        {
            "fixed": "10.1.16"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-33371.json"