Zimbra Collaboration Suite (ZCS) vulnerabilities: known CVEs & security history
Synacor · Actively exploited · 82 tracked CVEs · 17 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Zimbra Collaboration Suite (ZCS) release lines — 82 in total, with 17 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Zimbra Collaboration Suite (ZCS)'s current status and the safe version to run.
Known Zimbra Collaboration Suite (ZCS) CVEs
Actively-exploited and most-severe first. Showing the top 80 of 82. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2024-45519⚡ exploited | critical | 10 | 100% | 2024 |
| CVE-2022-41352⚡ exploited | critical | 9.8 | 95% | 2022 |
| CVE-2022-37042⚡ exploited | critical | 9.8 | 88% | 2022 |
| CVE-2020-7796⚡ exploited | critical | 9.8 | 85% | 2020 |
| CVE-2019-9670⚡ exploited | critical | 9.8 | 100% | 2019 |
| CVE-2023-34192⚡ exploited | critical | 9 | 77% | 2023 |
| CVE-2025-68645⚡ exploited | high | 8.8 | 32% | 2025 |
| CVE-2022-27924⚡ exploited | high | 7.5 | 85% | 2022 |
| CVE-2019-9621⚡ exploited | high | 7.5 | 81% | 2019 |
| CVE-2025-66376⚡ exploited | high | 7.2 | 12% | 2026 |
| CVE-2022-27925⚡ exploited | high | 7.2 | 98% | 2022 |
| CVE-2025-48700⚡ exploited | medium | 6.1 | 2% | 2025 |
| CVE-2023-37580⚡ exploited | medium | 6.1 | 59% | 2023 |
| CVE-2022-27926⚡ exploited | medium | 6.1 | 17% | 2022 |
| CVE-2022-24682⚡ exploited | medium | 6.1 | 31% | 2022 |
| CVE-2018-6882⚡ exploited | medium | 6.1 | 24% | 2018 |
| CVE-2025-27915⚡ exploited | medium | 5.4 | 4% | 2025 |
| CVE-2019-6980 | critical | 9.8 | 4% | 2019 |
| CVE-2018-20160 | critical | 9.8 | 2% | 2019 |
| CVE-2017-6821 | critical | 9.8 | 4% | 2017 |
| CVE-2017-6813 | critical | 9.8 | 3% | 2017 |
| CVE-2016-9924 | critical | 9.8 | 3% | 2017 |
| CVE-2016-3415 | critical | 9.1 | 2% | 2017 |
| CVE-2026-33373 | high | 8.8 | 0% | 2026 |
| CVE-2025-32354 | high | 8.8 | 0% | 2025 |
| CVE-2025-25064 | high | 8.8 | 34% | 2025 |
| CVE-2015-7610 | high | 8.8 | 1% | 2018 |
| CVE-2016-3403 | high | 8.8 | 1% | 2017 |
| CVE-2016-3406 | high | 8.8 | 1% | 2017 |
| CVE-2020-12846 | high | 8 | 3% | 2020 |
| CVE-2022-3569 | high | 7.8 | 1% | 2022 |
| CVE-2024-54663 | high | 7.5 | 1% | 2024 |
| CVE-2016-4019 | high | 7.5 | 2% | 2017 |
| CVE-2016-3413 | high | 7.5 | 2% | 2017 |
| CVE-2016-3405 | high | 7.5 | 2% | 2017 |
| CVE-2016-3404 | high | 7.5 | 2% | 2017 |
| CVE-2016-3402 | high | 7.5 | 2% | 2017 |
| CVE-2013-5119 | medium | 6.8 | 1% | 2013 |
| CVE-2019-6981 | medium | 6.5 | 1% | 2019 |
| CVE-2018-10951 | medium | 6.5 | 1% | 2018 |
| CVE-2016-3414 | medium | 6.5 | 2% | 2017 |
| CVE-2016-3401 | medium | 6.5 | 2% | 2017 |
| CVE-2026-33370 | medium | 6.1 | 0% | 2026 |
| CVE-2026-33368 | medium | 6.1 | 0% | 2026 |
| CVE-2024-45516 | medium | 6.1 | 0% | 2025 |
| CVE-2024-50599 | medium | 6.1 | 61% | 2024 |
| CVE-2020-18985 | medium | 6.1 | 1% | 2021 |
| CVE-2020-18984 | medium | 6.1 | 1% | 2021 |
| CVE-2020-13653 | medium | 6.1 | 1% | 2020 |
| CVE-2015-7609 | medium | 6.1 | 1% | 2019 |
| CVE-2018-14425 | medium | 6.1 | 1% | 2019 |
| CVE-2018-18631 | medium | 6.1 | 1% | 2019 |
| CVE-2018-14013 | medium | 6.1 | 7% | 2019 |
| CVE-2018-10939 | medium | 6.1 | 1% | 2018 |
| CVE-2017-17703 | medium | 6.1 | 1% | 2018 |
| CVE-2017-7288 | medium | 6.1 | 2% | 2017 |
| CVE-2016-3999 | medium | 6.1 | 1% | 2017 |
| CVE-2016-3412 | medium | 6.1 | 1% | 2017 |
| CVE-2016-3411 | medium | 6.1 | 4% | 2017 |
| CVE-2016-3410 | medium | 6.1 | 1% | 2017 |
| CVE-2016-3409 | medium | 6.1 | 1% | 2017 |
| CVE-2016-3408 | medium | 6.1 | 1% | 2017 |
| CVE-2016-3407 | medium | 6.1 | 1% | 2017 |
| CVE-2026-33372 | medium | 5.4 | 0% | 2026 |
| CVE-2024-45517 | medium | 5.4 | 1% | 2024 |
| CVE-2024-45514 | medium | 5.4 | 1% | 2024 |
| CVE-2024-45512 | medium | 5.4 | 0% | 2024 |
| CVE-2024-45510 | medium | 5.4 | 0% | 2024 |
| CVE-2024-45511 | medium | 5.4 | 0% | 2024 |
| CVE-2017-8783 | medium | 5.4 | 1% | 2018 |
| CVE-2025-25065 | medium | 5.3 | 1% | 2025 |
| CVE-2020-8633 | medium | 5.3 | 1% | 2020 |
| CVE-2018-15131 | medium | 5.3 | 2% | 2019 |
| CVE-2018-17938 | medium | 5.3 | 1% | 2018 |
| CVE-2018-10950 | medium | 5.3 | 1% | 2018 |
| CVE-2018-10949 | medium | 5.3 | 2% | 2018 |
| CVE-2013-7091 | medium | 5 | 86% | 2013 |
| CVE-2024-45513 | medium | 4.8 | 0% | 2024 |
| CVE-2024-45194 | medium | 4.8 | 0% | 2024 |
| CVE-2018-10948 | medium | 4.8 | 1% | 2019 |
2 older / lower-severity CVEs not shown — see Zimbra Collaboration Suite (ZCS)'s full record.
Is my Zimbra Collaboration Suite (ZCS) version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Zimbra Collaboration Suite (ZCS) version → · Monitor Zimbra Collaboration Suite (ZCS) for new CVEs →
Zimbra Collaboration Suite (ZCS) vulnerabilities — frequently asked
How many known vulnerabilities does Zimbra Collaboration Suite (ZCS) have?
IsItPatched tracks 82 CVEs for Zimbra Collaboration Suite (ZCS), 17 of which are actively exploited (CISA KEV). 12 are critical-severity and 19 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Zimbra Collaboration Suite (ZCS) have any actively-exploited vulnerabilities?
Yes — 17 Zimbra Collaboration Suite (ZCS) CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild (5 linked to ransomware). Patch these as a priority.
What is the most severe Zimbra Collaboration Suite (ZCS) vulnerability?
Among tracked issues, CVE-2024-45519 (CRITICAL, CVSS 10), which is actively exploited, ranks highest — a OS command injection weakness.
Is Zimbra Collaboration Suite (ZCS) safe to use?
It depends on the version. The latest supported Zimbra Collaboration Suite (ZCS) release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Zimbra Collaboration Suite (ZCS) security status · Zimbra Collaboration Suite (ZCS) end-of-life · actively-exploited CVEs. Always verify against Synacor's advisories — see our disclaimer.