CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Synacor Zimbra Collaboration Suite (ZCS) that allows unauthenticated remote attackers to force the server to send HTTP requests to arbitrary internal or external destinations. Rated with a CVSS score of 9.8, this flaw recently gained renewed attention after being added to CISA's Known Exploited Vulnerabilities (KEV) Catalog in February 2026 due to active exploitation in the wild.
Technical Overview
The phrase “CVE-2020-27996 Zimbra Collaboration Suite Full” often appears in exploit databases and security write-ups to indicate full chain exploitation — meaning the XSS alone is not the final goal; it is used as a stepping stone for:
Implement strict outbound firewall rules for the mail server to prevent it from initiating unauthorized connections to sensitive internal subnets.
General Best Practices: Follow the Zimbra Security Checklist, including enabling Two-Factor Authentication (2FA) and securing interprocess communication.
A typical unauthenticated RCE request looks like this (simplified):
Despite being originally identified in 2020, CVE-2020-7796 has seen a massive resurgence in activity. Security researchers observed a significant spike in exploitation attempts in early 2026, with nearly 400 distinct IP addresses targeting the flaw globally. This surge prompted CISA to mandate that federal agencies apply fixes by March 10, 2026.
Remediation and Mitigation
Immediate Patching: Upgrade the ZCS environment to the
The vulnerability stems from a leftover JSP file, httpPost.jsp, within the WebEx zimlet (com_zimbra_webex). This file does not sufficiently validate user-supplied URLs, allowing a remote attacker to use the Zimbra server as a proxy.
Potential Impacts:
CVE-2020-7796 is a critical Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite (ZCS). It allows unauthenticated remote attackers to force the server to make HTTP requests to arbitrary internal or external hosts by abusing the server as a proxy.
Vulnerability Overview
Vulnerability Type: Server-Side Request Forgery (SSRF).
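For defenders reviewing logs, the sketch below flags requests that reach httpPost.jsp inside the com_zimbra_webex zimlet and groups them by client address. It is an added example, not code from Zimbra or from this page. The combined-style log layout, the /zimlet/ path prefix, and the sample lines are constructed assumptions. Only the zimlet and file names come from the text above.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Names taken from the page: the WebEx zimlet and its leftover JSP file.
ZIMLET = "com_zimbra_webex"
JSP = "httppost.jsp"

# Assumed combined-style layout: client, identity fields, timestamp, request, status.
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded paths compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def find_hits(lines):
    """Return {client: [(timestamp, status, raw target), ...]} for requests to the JSP."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed layout
        # Compare the path only, so the names appearing in a query string do not match.
        path = re.split(r"[?;]", normalize(m["target"]), maxsplit=1)[0]
        if ZIMLET in path and path.rstrip("/").endswith(JSP):
            hits[m["client"]].append((m["ts"], int(m["status"]), m["target"]))
    return dict(hits)

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE = [
    '198.51.100.7 - - [12/Feb/2026:03:14:07 +0000] "GET /zimlet/com_zimbra_webex/httpPost.jsp?x=placeholder HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Feb/2026:03:14:09 +0000] "POST /zimlet/com_zimbra_webex/httpPost%2Ejsp HTTP/1.1" 404 0',
    '203.0.113.20 - - [12/Feb/2026:04:01:55 +0000] "GET /zimlet/COM_ZIMBRA_WEBEX/HTTPPOST.JSP HTTP/1.1" 200 40',
    '192.0.2.10 - - [12/Feb/2026:04:02:00 +0000] "GET /zimlet/com_zimbra_webex/webex.js HTTP/1.1" 200 900',
    '192.0.2.11 - - [12/Feb/2026:04:02:03 +0000] "GET /search?q=com_zimbra_webex/httpPost.jsp HTTP/1.1" 200 10',
]

if __name__ == "__main__":
    for client, events in find_hits(SAMPLE).items():
        print(client, len(events), sorted({status for _, status, _ in events}))
```

A hit answered with status 200 suggests the file is still being served on that host, which makes it a priority for patching and for the outbound firewall review.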
Vulnerability Details