Zimbra releases security updates
Zimbra developers released the Zimbra Daffodil 10.1.16 security update to fix vulnerabilities that affect all versions of Zimbra. An attacker could exploit some of these vulnerabilities (CVE-2026-33368, CVE-2026-33369, CVE-2026-33370, CVE-2026-33371, CVE-2026-33372) to trigger cross-site scripting, information leakage and sensitive information disclosure on the targeted system.
Moreover, a previously discovered security vulnerability (CVE-2025-48700) in Zimbra likely to be exploited in the wild. This vulnerability affects Zimbra versions prior to Zimbra 9.0.0 Patch 43, Zimbra 10.0.12, Zimbra 10.1.4, Zimbra 8.8.15 Patch 47.
Users are advised to use the latest versions of Zimbra - Zimbra Daffodil 10.1.16 releases and higher.
Source: zimbra.com
24 April 2026