Report Incident
× Home DPO CyberHub Rw-CSIRT Website About Rw-CSIRT Alerts Advisories About NCSA Documentation News & Events Topics Contact us Opportunities Privacy Policy

Security Alert: Critical Security Vulnerability in Zimbra Classic Web Client

A critical vulnerability has been identified in the Zimbra Collaboration Suite (ZCS) Classic Web Client. Exploitation may allow malicious code execution through crafted emails, leading to unauthorized access to mailbox data and account settings.
 
Affected Systems:
  • Zimbra Collaboration Suite (ZCS): Systems using the Classic Web Client with versions prior to 10.1.19.
 
Security Risks
 
Successful exploitation could enable attackers to run malicious code when a crafted email is opened. This may result in unauthorized access to user sessions, mailbox contents, or account configuration.
 
For additional information on this Zimbra security update and available patches, please refer to the official Zimbra Product News.

 
Recommended Actions
 
The National Cyber Security Authority (NCSA) recommends users and system administrators to:
 
1. Update affected Zimbra Collaboration Suite (ZCS) Classic Web Client installations as soon as possible to the latest supported security releases to address the vulnerability.
 
Upgrade to the following supported versions:
 
2. Before applying updates, ensure that a current and verified backup is available and can be restored if needed.
 
For further information and support, please contact the National Cyber Security Authority (NCSA) by email to rwcsirt@ncsa.gov.rw or call us on 9009.
 
References

14 July 2026

© 2026 National Cyber Security Authority