Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Zimbra Collaboration (ZCS) 10.0 and 10.1 contains an LDAP injection vulnerability in the Mailbox SOAP service within a FolderAction operation. The application fails to properly sanitize user-supplied input before incorporating it into an LDAP search filter. An authenticated attacker can exploit this issue by sending a crafted SOAP request that manipulates the LDAP query, allowing retrieval of sensitive directory attributes.
AnalysisAI
An LDAP injection vulnerability exists in Zimbra Collaboration Server (ZCS) versions 10.0 and 10.1 within the Mailbox SOAP service's FolderAction operation. An authenticated attacker can exploit this issue by sending a crafted SOAP request containing malicious LDAP filter syntax to bypass input validation and retrieve sensitive directory attributes from the LDAP backend. This vulnerability enables information disclosure of directory data that should be access-controlled.
Technical ContextAI
The vulnerability exists in the SOAP-based Mailbox service, which interfaces with the underlying LDAP directory service used by Zimbra for user and group management. The FolderAction operation accepts user input that is incorporated directly into LDAP search filters without proper sanitization or parameterization. LDAP injection (related to CWE-90: Improper Neutralization of Special Elements used in an LDAP Query) occurs when special LDAP metacharacters such as asterisks (*), parentheses, and Boolean operators are not escaped before being passed to the LDAP search engine. The affected products include Zimbra Collaboration Server (ZCS) as identified in vendor security advisories and release notes, though the specific CPE string was not fully populated in public records at the time of CVE assignment.
RemediationAI
Upgrade Zimbra Collaboration Server to version 10.1.16 or later, which includes the security fix for this LDAP injection vulnerability as documented at https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.16#Security_Fixes. For organizations unable to patch immediately, implement network-level access controls to restrict SOAP service access to trusted administrative networks and disable FolderAction operations for non-administrative accounts if operationally feasible. Review LDAP query logs for signs of exploitation attempts using patterns containing LDAP metacharacters. Consult Zimbra's Responsible Disclosure Policy (https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy) and Security Center (https://wiki.zimbra.com/wiki/Security_Center) for additional guidance.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-13692