CVE-2026-30905

Published May 13, 2026

Last updated 5 days ago

CVSS high 7.8

Overview

Description
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.
Source
security@zoom.us
NVD status
Analyzed
Products
workplace_virtual_desktop_infrastructure

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@zoom.us
CWE-73
nvd@nist.gov
CWE-610

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.CVE-2026-30902
  2. External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.CVE-2026-30903
  3. Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.CVE-2026-30900
  4. External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.CVE-2025-64739
  5. Improper verification of cryptographic signature in the installer for Zoom Workplace VDI Client for Windows may allow an authenticated user to conduct an escalation of privilege via local access.CVE-2025-64740

References

Sources include official advisories and independent security research.