CVE-2026-33373 โ An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. Aโฆ
๐จ CVE-2026-33373 An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions.
What This Means For You
- New vulnerability disclosed โ verify if your stack is exposed.
Related ATT&CK Techniques
๐ก๏ธ Detection Rules
1 rule ยท 6 SIEM formats1 detection rule mapped to MITRE ATT&CK. Free Sigma YAML below.
Web Application Exploitation Attempt โ CVE-2026-33373
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-33373 | CSRF | Zimbra Collaboration (ZCS) 10.0, 10.1. Zimbra Web Client. Authentication tokens issued during account state transitions (e.g., enabling 2FA, changing password) lack CSRF protection. |
| CVE-2026-33373 | Auth Bypass | Zimbra Collaboration (ZCS) 10.0, 10.1. Zimbra Web Client. Exploitable via crafted requests to trigger sensitive account actions (e.g., disabling 2FA) without CSRF validation when an unvalidated token is active. |
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Published | April 07, 2026 at 21:56 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Daily Security Digest โ 2026-05-22
13 vulnerability disclosures (5 Critical, 8 High) and 14 curated intelligence stories from 6 sources.
Ghostwriter Targets Ukraine Government with Prometheus Phishing
The Belarus-aligned threat actor, Ghostwriter (also tracked as UAC-0057 and UNC1151), is actively targeting Ukrainian government entities. According to The Hacker News, this group is...
Huawei Router Flaw Triggered Telecom Blackout, SecurityWeek Reports
SecurityWeek reports on a critical flaw in Huawei routers that led to a significant telecom blackout. While details are sparse, the incident underscores the inherent...