CISA orders federal agencies to patch actively exploited Zimbra XSS flaw

CISA has added CVE-2025-66376, a stored cross-site scripting flaw in Zimbra Collaboration Suite, to its Known Exploited Vulnerabilities catalog and ordered federal civilian agencies to fix it by April 8, 2026. The agency announced the addition on March 18, 2026, which triggers remediation under Binding Operational Directive 22-01. The vulnerability affects Zimbra Collaboration 10.0 before […] The post CISA orders federal agencies to patch actively exploited Zimbra XSS flaw appeared first on VPN Central.