Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
Critical Zimbra Flaw Could Let Crafted Emails Run Malicious Code in User Sessions
11 July 2026
Zimbra is urging customers to apply updates to address a critical security vulnerability impacting the Classic Web Client that could result in arbitrary code execution.
The vulnerability has been described as a case of stored cross-site scripting (XSS) that could allow specially crafted emails to execute malicious scripts in a user's session. It has yet to be assigned a CVE identifier.
"The