CVE-2020-7796: Zimbra Collaboration Suite

An unauthenticated attacker sends a tailored HTTP POST or GET request containing a target URL pointing to an internal resource (e.g., http://127.0.0 or cloud metadata endpoints like http://169.254.169). The Zimbra server implicitly trusts its internal framework, executes the request on behalf of the attacker, and forwards the response back to the malicious source.

Potential Impact on the Enterprise

Attackers can exploit this when the WebEx Zimlet is installed and its JSP functionality is enabled.

SSRF vulnerabilities occur when an attacker can abuse the functionality of a web application to force it to send crafted requests to a destination of the attacker’s choosing.

Many microservices and internal back-ends lack strict authentication because they assume the local network is safe. An attacker can leverage the trusted status of the Zimbra server to execute commands on those internal endpoints.

How to Detect CVE-2020-7796

Disclaimer: The information in this article is based on publicly available data from 2020-2026. Always consult official Zimbra security advisories for the most up-to-date information.

In some scenarios, an SSRF vulnerability can be chained with other vulnerabilities to achieve full remote code execution on the server.

Remediation and Mitigation (How to Patch)

Added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on February 17, 2026.

When the WebEx Zimlet processes requests, it relies on a JavaServer Pages (JSP) endpoint to fetch external data or synchronize event details. Because the endpoint does not properly validate the structure or destination of user-submitted HTTP parameters, a threat actor can supply a modified path.
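A defensive log check for the request pattern described above, as an added example that is not from the original page or from Zimbra: it flags JSP requests whose query parameters carry a URL pointing at loopback, link-local or private addresses. The log lines are constructed, and the JSP path and the `target` parameter name are placeholders.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed access-log lines. The JSP path and the "target" parameter are
# placeholders, not the real Zimlet endpoint or parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /zimlet/PLACEHOLDER/fetch.jsp'
    '?target=http%3A%2F%2F127.0.0.1%3A8080%2F HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2025:10:00:05 +0000] "GET /zimlet/PLACEHOLDER/fetch.jsp'
    '?target=http%3A%2F%2F169.254.169.254%2Flatest%2F HTTP/1.1" 200 230',
    '198.51.100.9 - - [01/Jan/2025:10:01:00 +0000] "GET /zimlet/PLACEHOLDER/fetch.jsp'
    '?target=https%3A%2F%2Fexample.com%2Fcalendar HTTP/1.1" 200 1044',
    '198.51.100.9 - - [01/Jan/2025:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 90',
]
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def internal_target(value):
    """Return the host when value is an http(s) URL aimed at an internal address."""
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    if host == "localhost":
        return host
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None  # a DNS name; resolving it is outside this log-only check
    return host if (ip.is_loopback or ip.is_link_local or ip.is_private) else None

def scan(lines, path_suffix=".jsp"):
    """Return (client, path, parameter, internal host) findings."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        request = urlsplit(match.group(1))
        if not request.path.endswith(path_suffix):
            continue
        for name, value in parse_qsl(request.query):  # also percent-decodes
            host = internal_target(value)
            if host:
                hits.append((line.split()[0], request.path, name, host))
    return hits
```

Access logs record only the request line, so parameters sent in a POST body are not visible to this check and need proxy or application-level logging.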