CVE-2020-7796: Zimbra Collaboration Suite

After upgrading, administrators should use the zmcontrol -v command to verify the current patch level.

2. Immediate Temporary Mitigations

CWE-918: Server-Side Request Forgery (SSRF)
Severity: Critical (CVSS 9.8)
Attack Vector: Network / Remote
Authentication Required: None
User Interaction: None

If immediate patching is not possible, organizations should consider disabling the WebEx zimlet if it is not business-critical, as this removes the attack vector.

Vendor Guidance: Refer to the official Zimbra 8.8.15 P7 Release Notes for specific patching instructions.

Added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on February 17, 2026.

CISA added this to its Known Exploited Vulnerabilities (KEV) catalog in early 2026, noting that hundreds of IP addresses have been observed actively exploiting this flaw across multiple countries. (National Institute of Standards and Technology)

Remediation & Fixes

Update Immediately: Apply the latest patch or upgrade to Zimbra 8.8.15 Patch 7 or higher.

Temporary Mitigation:

To mitigate the effects of CVE-2020-7796, organizations using the Zimbra Collaboration Suite should: