{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-33369", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-03-20T14:05:21.155Z", "dateReserved": "2026-03-19T00:00:00.000Z", "datePublished": "2026-03-20T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-20T14:05:21.155Z"}, "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}, {"url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes."}], "id": "CVE-2026-33369", "lastModified": "2026-03-20T14:16:16.017", "metrics": {}, "published": "2026-03-20T14:16:16.017", "references": [{"source": "cve@mitre.org", "url": "https://wiki.zimbra.com/wiki/Security_Center"}, {"source": "cve@mitre.org", "url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes"}, {"source": "cve@mitre.org", "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"}, {"source": "cve@mitre.org", "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{}