CVE-2026-30901

Published Mar 11, 2026

Last updated 11 days ago

CVSS high 7.0

Overview

Description
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
Source
security@zoom.us
NVD status
Analyzed
Products
rooms

Risk scores

CVSS 3.1

Type
Primary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@zoom.us
CWE-20
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.CVE-2026-30902
  2. External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.CVE-2025-67461
  3. Protection Mechanism Failure of Software Downgrade in Zoom Rooms for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via local access.CVE-2025-67460
  4. External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-64739
  5. Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-62483

References

Sources include official advisories and independent security research.