Cve20207796 Zimbra Collaboration Suite Full ~repack~ May 2026

Security Advisory Report: CVE-2020-7796

Subject: CVE-2020-7796 - Zimbra Collaboration Suite (ZCS) Remote Code Execution Vulnerability

In an SSRF attack, an unauthenticated remote attacker can force the vulnerable Zimbra server to make HTTP requests to arbitrary internal or external hosts. Internal Proxying cve20207796 zimbra collaboration suite full

Affected Software: Zimbra Collaboration Suite versions prior to 8.8.15 Patch 7 cve20207796 zimbra collaboration suite full

Maya’s SIEM dashboard lights up with a medium-severity alert: CVE-2020-7796. The description is short: "Zimbra Collaboration Suite – SSRF via the 'ContactEmails' parameter in the 'ProxyServlet'." cve20207796 zimbra collaboration suite full

Root Cause Analysis

The vulnerability resides in improper sanitization of user-supplied input passed to the fmt parameter within certain Zimbra endpoints, such as: