CVE-2026-33370
Stored XSS in Zimbra Briefcase Enables Session Hijacking
Publication date: 2026-03-20
Last updated on: 2026-04-01
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synacor | zimbra_collaboration_suite | From 10.0.0 (inc) to 10.1.16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
To mitigate the stored cross-site scripting (XSS) vulnerability in the Zimbra Briefcase feature (CVE-2026-33370), you should apply the patch provided in the Zimbra Daffodil 10.1.16 release.
This patch fixes the vulnerability by preventing unsafe inline rendering of specific uploaded file types when shared publicly, thereby stopping malicious script execution.
Updating to Zimbra Collaboration version 10.1.16 or later is the recommended immediate step to secure your system against this issue.
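The fix described above works by refusing to render browser-active upload types inline on public shares. As an added example that is not Zimbra's own code, this is how a file-serving handler can express that policy; the function name, the type lists and the CSP value are assumptions, not taken from the patch.

```python
# Added example (hypothetical, not Zimbra's code): choose response headers for a
# publicly shared upload so that file types a browser would execute or render as
# a document are forced to download instead of running in the viewer's session.
from __future__ import annotations

import os

# MIME types a browser treats as active documents; served inline on the sharing
# origin, any script inside them runs with the viewer's session (assumed list).
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "application/mathml+xml",
}
# Extensions that sniff to an active type no matter what type was declared.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg", ".xml", ".shtml"}


def safe_name(filename: str) -> str:
    """Strip characters that could break out of the Content-Disposition header."""
    return "".join(c for c in filename if c.isalnum() or c in "._-") or "download"


def public_share_headers(filename: str, declared_type: str | None) -> dict[str, str]:
    """Return headers for serving a publicly shared upload.

    Active content is downgraded to an opaque attachment; everything else is
    served inline, but with type sniffing disabled and a sandboxing CSP so a
    mislabelled upload still cannot run script in the sharing site's origin.
    """
    ext = os.path.splitext(filename)[1].lower()
    declared = (declared_type or "").split(";")[0].strip().lower()
    is_active = declared in ACTIVE_TYPES or ext in ACTIVE_EXTENSIONS
    headers = {
        # Never let the browser second-guess the type we send.
        "X-Content-Type-Options": "nosniff",
        # If something does render, it runs with no script and no origin access.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
    if is_active:
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name(filename)}"'
    else:
        headers["Content-Type"] = declared or "application/octet-stream"
        headers["Content-Disposition"] = f'inline; filename="{safe_name(filename)}"'
    return headers
```

The decision uses both the declared type and the extension, because an upload declared as text/plain but named `notes.html` is still rendered as HTML by a sniffing browser.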
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
Can you explain this vulnerability to me?
CVE-2026-33370 is a stored cross-site scripting (XSS) vulnerability found in the Zimbra Collaboration Suite (ZCS) versions 10.0 and 10.1, specifically in the Briefcase feature.
The vulnerability arises because certain uploaded file types are not properly sanitized when they are shared publicly. When a user opens such a publicly shared Briefcase file containing malicious scripts, the embedded JavaScript executes within the context of the user's session.
This allows an attacker to run arbitrary scripts on behalf of the victim user, potentially leading to unauthorized actions or data theft. [1]
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to execute arbitrary JavaScript code in your user session when you open a malicious file shared via the Zimbra Briefcase.
Such script execution can lead to unauthorized actions performed on your behalf, including data exfiltration or manipulation of your account or data.
In practical terms, this means your sensitive information could be stolen or your account could be compromised without your knowledge.