CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It has been added to CISA's Known Exploited Vulnerabilities (KEV) Catalog.

Attackers can use the vulnerable server as a "proxy" to reach internal systems that are otherwise protected by firewalls.

| ZCS Version | Vulnerable? | Patch Level |
|-------------|--------------|----------------|
| 8.8.15 | Yes | < Patch 12 |
| 9.0.0 | Yes | < Patch 4 |
| 8.8.15 P12+ | No | Fixed |
| 9.0.0 P4+ | No | Fixed |
| 10.x | Not affected (different architecture) | N/A |

If immediate patching is not possible, organizations should consider disabling the WebEx zimlet if it is not business-critical, as this removes the attack vector.

Vendor Guidance: Refer to the official Zimbra 8.8.15 P7 Release Notes for specific patching instructions.

- CVE ID: CVE-2020-7796
- Severity: High (CVSS 7.5 – 8.2 depending on configuration)
- Affected Software: Zimbra Collaboration Suite (ZCS) versions prior to 8.8.15.patch7 and 8.8.12.patch11.
- Vulnerability Type: Unrestricted Upload of File with Dangerous Type (Remote Code Execution)

Data Exfiltration: Sensitive information residing on the internal network, which is otherwise inaccessible from the public internet, can be leaked.

The Account Harvest: From port 7071, she fetches:

Despite being originally identified in 2020, CVE-2020-7796 has seen a massive resurgence in activity. Security researchers observed a significant spike in exploitation attempts in early 2026, with nearly 400 distinct IP addresses targeting the flaw globally. This surge prompted CISA to mandate that federal agencies apply fixes by March 10, 2026.