Hello Customer,
This is an advanced notification to Zimbra partners that we have released Zimbra version 10.1.18 to address CVE-2026-49975. We will be notifying all customers on Wednesday June 17, 2026.
Since the disclosure of CVE-2026-49975 on June 8, 2026, Zimbra has proactively assessed the potential impact on deployments and implemented the necessary mitigations in this emergency release.
These updates reduce the risk of denial-of-service attacks exploiting this vulnerability, helping to ensure continued service availability and platform stability for all customers.
Patch Security Severity: High
Deployment Risk: Low
🚨 Action Required
We strongly encourage all customers and partners to prioritize upgrading to Zimbra 10.1.18. This update is essential to maintaining a strong security posture and minimizing exposure to risk.
For complete details and implementation guidance, please refer to:
Temporary Mitigation: Disable HTTP/2 on the Zimbra NGINX proxy until your upgrade to 10.1.18 is complete.