AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2020-7796: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesFebruary 16, 2026CVE-2020-7796

Summary

Zimbra Collaboration Suite (ZCS), an email and collaboration platform, has a server-side request forgery vulnerability (SSRF, where an attacker tricks the server into making unauthorized requests to internal systems) if the WebEx zimlet, a plugin that adds functionality, is installed and zimlet JSP (Java Server Pages, a way to generate dynamic web content) is enabled. This vulnerability is currently being exploited by attackers in real-world attacks.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 93.5%

Exploit Maturity

🔥 Actively Exploited

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-918

CAPEC (Attack Pattern)

CAPEC-664

Original source: https://nvd.nist.gov/vuln/detail/CVE-2020-7796

First tracked: February 17, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 95%