ZSA-2026-05

Date: 2026-03-25
Affected: All versions of Znuny LTS from 6.5.1 up to including 6.5.18.
All versions of Znuny from 7.2.1 up to including 7.2.3.
All versions of Znuny 6.0, 6.1, 6.2, 6.3, 6.4, 7.0, and 7.1.
Severity: low
CVE: Not requested

Znuny implements Content Security Policy (CSP) headers across its customer, agent, and public interface. However, the configurations are overly permissive and fail to provide adequate protection against some client-side attacks.

Fixed in: Znuny LTS 6.5.19 and Znuny 7.3.1