How to patch Zimbra Collaboration
Zimbra · Actively exploited · 5 steps · Zimbra Collaboration Suite (ZCS) security status → · updated June 2026
Zimbra webmail is a frequent exploitation target, so patch promptly. Updates are applied as the zimbra user via your package manager, stopping and starting services around the upgrade.
Zimbra Collaboration Suite (ZCS) has 17 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.
Check your current version first
Before you patch, record what you're running (Server shell (zimbra user)):
su - zimbra -c "zmcontrol -v"Or paste your version into the checker for an instant verdict.
Step by step
As the zimbra user run zmcontrol -v to record the current version and patch level.
Check the Zimbra Security Advisory for the fixed version or patch that addresses your exposure.
Back up the server (config and data) before applying any update.
Stop services (zmcontrol stop), update the Zimbra packages with your OS package manager (apt/yum/zypper) or the Zimbra patch as documented, then start services (zmcontrol start).
Run zmcontrol -v again to confirm the new version, and check the web client works.
- Zimbra has had multiple actively-exploited XSS/RCE bugs — patch quickly and restrict admin access.
- Run patch steps as the zimbra user, not root, unless the package manager step requires sudo.
Official sources
- Advisory: Zimbra Security Advisories ↗
- Download: Zimbra release notes / downloads ↗
Don't patch blind. Zimbra Collaboration Suite (ZCS) has 17 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent. See exactly which versions are safe and what you're exposed to.
Zimbra Collaboration Suite (ZCS) security status →Stay ahead of the next one
- Zimbra Collaboration Suite (ZCS) security status & health score — score, open CVEs and safe version.
- Zimbra Collaboration Suite (ZCS) vulnerabilities — the full CVE list and what's exploited.
- Monitor Zimbra Collaboration Suite (ZCS) — get an email alert the moment a new exploited vulnerability lands.
Frequently asked questions
What is the latest version of Zimbra Collaboration Suite (ZCS)?
Check the current supported Zimbra Collaboration Suite (ZCS) release on its product page or the official vendor advisory, then patch to it.
How do I check which version of Zimbra Collaboration Suite (ZCS) I am running?
Use: su - zimbra -c "zmcontrol -v" (Server shell (zimbra user)). Record the result before and after patching to confirm the update applied.
Is Zimbra Collaboration Suite (ZCS) being actively exploited right now?
Yes — 17 Zimbra Collaboration Suite (ZCS) vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly. See the exploitation radar.
How do I patch Zimbra Collaboration Suite (ZCS) safely without breaking production?
Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.
Patch steps are general, well-established guidance for Zimbra Collaboration Suite (ZCS) — always test in a non-production environment first and follow the official Zimbra advisory for your exact version. IsItPatched is independent and not affiliated with Zimbra; this is not a substitute for vendor documentation. See our disclaimer.