EUVD-2026-17106
GHSA-pqjp-hqqg-x9w2
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A Cross-Site Request Forgery (CSRF) vulnerability exists in Zimbra Web Client due to the issuance of authentication tokens without CSRF protection during certain account state transitions. Specifically, tokens generated after operations such as enabling two-factor authentication or changing a password may lack CSRF enforcement. While such a token is active, authenticated SOAP requests that trigger token generation or state changes can be performed without CSRF validation. An attacker could exploit this by inducing a victim to submit crafted requests, potentially allowing sensitive account actions such as disabling two-factor authentication. The issue is mitigated by ensuring CSRF protection is consistently enforced for all issued authentication tokens.
Analysis
Cross-Site Request Forgery in Zimbra Collaboration Server 10.0 and 10.1 allows remote attackers to perform sensitive account actions such as disabling two-factor authentication by inducing authenticated users to submit crafted requests, exploiting insufficient CSRF protection on authentication tokens issued during account state transitions like password changes or 2FA enablement. No public exploit code has been identified at time of analysis, and patch availability has been confirmed in vendor advisories for versions 10.0.18 and 10.1.13.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today