: A remote, unauthenticated attacker can send specially crafted HTTP requests to the server. This allows them to:
Here:
: Limit outbound connections from the Zimbra server to only essential destinations. cve20207796 zimbra collaboration suite full
: Upgrade to at least Zimbra 8.8.15 Patch 7 or a later version where the security fix is implemented. : A remote, unauthenticated attacker can send specially
: Added to the CISA Known Exploited Vulnerabilities (KEV) Catalog on February 17, 2026 . : A remote
CVE-2020-7796 is a Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS) . It allows unauthenticated remote attackers to force the server to make HTTP requests to arbitrary internal or external hosts by abusing the server as a proxy. Vulnerability Overview Vulnerability Type: Server-Side Request Forgery (SSRF).