CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Apr 1, 2026
Description
Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability in the Classic UI where attackers could abuse Cascading Style Sheets (CSS) @import directives in email HTML.
EPSS — Exploit Probability
Higher than 93.0% of all CVEs
Required Action
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2025-66376
Related Articles (5)
CISA orders feds to patch Zimbra XSS flaw exploited in attacks
CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS).
Mar 18, 2026
CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks
Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.
Mar 19, 2026
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Mar 18, 2026
Russian APT Exploits Zimbra Vulnerability Against Ukraine
Insufficient sanitization of CSS content within HTML emails leads to inline script execution when the message is opened in a browser.
Mar 19, 2026
Russian hackers exploit Zimbra flaw in Ukrainian govt attacks
Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities.
Mar 19, 2026
Risk Assessment
ELEVATED
- Severity: High
- EPSS: 10.0%
- CISA KEV: Yes
- Ransomware: Unknown
- Articles: 5
Timeline
Published: Mar 18, 2026
Added to KEV: Mar 18, 2026
Remediation Due: Apr 1, 2026