theinfosecnews

CVE-2020-7796

CISA KEV

Published February 17, 2026 · Updated April 3, 2026

high

What This Means

**CVE-2020-7796: Zimbra Collaboration Suite SSRF via WebEx Zimlet**

Zimbra Collaboration Suite (ZCS) versions with the WebEx zimlet enabled and zimlet JSP functionality active allow unauthenticated attackers to execute server-side request forgery (SSRF) attacks. An attacker can leverage this to access internal services, exfiltrate data from backend systems, or pivot to connected infrastructure.

**Immediate actions:**

- Audit ZCS installations for WebEx zimlet presence and JSP enablement status.
- Disable the WebEx zimlet or upgrade to patched ZCS versions (8.8.15 Patch 28, 9.0.0 Patch 24.4, or later per Synacor advisories).
- Monitor logs for suspicious requests to internal IP ranges or service ports originating from ZCS processes.
- Restrict network access from ZCS servers to internal services via firewall rules as a compensating control.
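The log-monitoring action above can be run as a check over outbound connection records from the ZCS hosts. This is an added example, not code from the advisory or from Synacor; the record format, the host names and the sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed egress records: "<timestamp> <source-host> <destination-URL>".
# The format and host names are assumptions, not Zimbra log output.
SAMPLE_EGRESS_LOG = """\
2026-02-18T09:14:02Z zcs-mbox01 http://169.254.169.254/
2026-02-18T09:14:05Z zcs-mbox01 http://10.20.0.15:8500/v1/status
2026-02-18T09:15:40Z zcs-mbox01 https://updates.example.com/feed.xml
2026-02-18T09:16:11Z zcs-mbox01 http://2130706433:8080/
2026-02-18T09:17:30Z web-front02 http://192.168.1.9/health
"""

METADATA_ADDR = ipaddress.ip_address("169.254.169.254")


def classify_destination(url):
    """Return why a destination counts as internal, or None otherwise."""
    try:
        host = urlsplit(url).hostname or ""
        if host == "localhost" or host.endswith(".localhost"):
            return "loopback-name"
        # A host made only of digits is an IPv4 address written as one integer.
        addr = ipaddress.ip_address(int(host) if host.isdigit() else host)
    except ValueError:
        return None  # DNS name or malformed URL: not classified here
    if addr == METADATA_ADDR:
        return "cloud-metadata"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_private:
        return "private-range"
    return None


def flag_internal_requests(log_text, watched_hosts):
    """Return (timestamp, source, url, reason) for requests from watched hosts."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3 or parts[1] not in watched_hosts:
            continue
        reason = classify_destination(parts[2])
        if reason:
            findings.append((parts[0], parts[1], parts[2], reason))
    return findings
```

Destinations given as DNS names are not resolved here, so a name that points at an internal address needs a separate check against resolver logs.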

Official Description

Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if the WebEx zimlet is installed and zimlet JSP is enabled.

Affected Products

| Vendor | Product |
|---|---|
| Synacor | Zimbra Collaboration Suite |

Patch Status

Patch by 2026-03-10

Recommended Actions

  1. Check if your systems use any of the affected products listed above.
  2. Apply vendor patches immediately if available.
  3. This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
  4. Monitor vendor advisories for updates and additional mitigations.
  5. Review logs for indicators of compromise related to CVE-2020-7796.

Related Coverage

Vulnerability

CVE-2020-7796: Zimbra Collaboration Suite SSRF Flaw via WebEx Zimlet Exposes Internal Infrastructure

CVE-2020-7796 is an unauthenticated SSRF vulnerability in Synacor Zimbra Collaboration Suite, triggered when the WebEx zimlet is installed and zimlet JSP processing is enabled. Attackers can force the Zimbra server to issue arbitrary internal HTTP requests, enabling access to backend services and cloud metadata endpoints. CISA has added this to its Known Exploited Vulnerabilities catalog with a federal remediation deadline of March 10, 2026.

CISA KEV·45d ago·3 min read