2026-03-24 15:21:05
VulnCheck
PUBLISHED
Zimbra Collaboration Suite (ZCS) PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell expansion syntax through the RCPT TO parameter to achieve remote code execution under the Zimbra service context.