—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Denial of Service Vulnerability in Zimbra Collaboration Suite

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Zimbra Collaboration Suite (ZCS) versions prior to 10.1.18.

Overview

A vulnerability has been reported in Zimbra Collaboration Suite (ZCS) which could allow an unauthenticated remote attacker to cause a denial-of-service (DoS) condition on the targeted system.

Target Audience:

Individuals and organizations using Zimbra Collaboration Suite (ZCS) for enterprise email and communication systems.

Risk Assessment:

High risk of unauthenticated remote Denial of Service (DoS) attacks.

Impact Assessment:

Service disruption, resource exhaustion, web proxy crash, and temporary unavailability of the enterprise communication stack.

Description

Zimbra Collaboration Suite (ZCS) is an enterprise email and collaboration platform that provides email, calendaring, contacts, file sharing and messaging services.

This vulnerability exists in Zimbra due to flawed resource handling mechanisms. An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted malicious HTTP requests to the affected system.

Successful exploitation of this vulnerability could allow a remote attacker to cause a Denial of Service (DoS) condition on the targeted system.

Solution

Apply appropriate software updates as mentioned:

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.18#Security_Fixes

Vendor Information

Zimbra

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.18#Security_Fixes

References

 

https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.18#Security_Fixes

CVE Name

CVE-2026-49975

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmo6mV0ACgkQ3jCgcSdc

ys/73Q//U/CGMLfY0dDBmEV+QMVkgziF/bDGYFVUdtmrPsHY34GodNuH3nmDyj+A

TZC3H8l4yRSVY8d4o4zxTO7oMwWNXobs4mAr872LNqy+nnheZtfNN85wY85D/60k

KLHZWgVU/GMjD+XAmadyGuin7e+akaP77DPD/bB3C11pA/y+Wjkwzguuzc/9kAsp

a/wkis2uZiaFG1kbOnNpXbH0ZyEnelitsu3JDFE9oBdRgVPlp5Ru7Ftw2uTN7KbD

rl/wpWquKhAW5fDKH2V/MG1a9l6q63mwYJ7adtbmiSzDEre1elD5ubo3T6WFN5eB

dDz0iUibY5LMX6PHjNAT64sCt+IVCgsQsp9cFfoQT74nlWTmI1+mzJCKw6aJhLto

n8gHMlMoNxFlbxSIATb6WY64+RQI1SAtlfinNJmuhocrV5k/FDfxWUCMHB2uEFNR

Y5hhvQfVz6s2ZYMBB2MRb4vnqFFROaKCI7GV8kWnGsyrca4zrB2seYx+MUG6Peuk

LKsApkhyftQ/mLZuaq7yKfPxrPmbtmi+jm8GM5/TgSzTk4ev0I/B863DnPpD4FmA

0J+eDiEmQZkl5GuqYNZ3oXiv8D2seFDHjYSPDX/5XEGHKvTTR81yYj1sG33M+dx9

XVVDxnYjr1aJa7ZbHXfdTgtoTPflGQotUMpx9Y7cqroLJv+Bojg=

=3t+1

—–END PGP SIGNATURE—–