THREATOPS
THREAT OPSThreat News › Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions

lowthehackernewsPublished 2026-07-11

Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.

The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier.

"The

Original source: https://thehackernews.com/2026/07/critical-zimbra-flaw-could-let-crafted_0483473395.html