CVE-2026-30903 Zoom Vulnerability – Critical CVSS Score

by Anika Shah - Technology

Critical Zoom Vulnerability Allows Unauthenticated Remote Privilege Escalation

Zoom has patched a critical vulnerability (CVE-2026-30903) in Zoom Workplace for Windows that could allow an unauthenticated attacker to gain elevated system permissions on a user’s computer. The flaw, rated 9.6 on the CVSS scale, resides within the Mail feature and requires no login credentials to exploit.

Vulnerability Details

The vulnerability is described as an “External Control of File Name or Path” issue, a class of flaw in which an attacker-influenced value is used as a file name or path [1]. In this case a remote attacker could exploit a user’s Zoom client over the internet to gain elevated system permissions without ever needing a password.

Affected Products

The vulnerability affects Zoom Workplace for Windows versions prior to 6.6.0 [1].

Other Vulnerabilities Addressed

Alongside the critical vulnerability, Zoom also addressed three “High” severity vulnerabilities affecting Windows clients:

  • Improper Privilege Management (CVE-2026-30902): Allows a local user to escalate their privileges [2].
  • Version Check Bypass (CVE-2026-30900): An improper version check in the update functionality could allow an authenticated user to gain higher system rights [2].
  • Kiosk Mode Input Validation (CVE-2026-30901): Affects Zoom Rooms for Windows in Kiosk Mode, allowing a local user to bypass restrictions and escalate privileges [2].

Mitigation

Zoom recommends all users update to the latest version of Zoom Workplace for Windows (version 6.6.0 or later) to address these vulnerabilities [1]. Security teams are urged to apply the latest updates immediately to mitigate these risks [2].
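The following PowerShell script is an added example, not code from Zoom or from the security bulletin. It inventories Zoom entries in the Windows Uninstall registry keys and flags any whose DisplayVersion is below the fixed release 6.6.0 named above. It assumes that Zoom Workplace registers an Uninstall entry whose DisplayName starts with "Zoom" and whose DisplayVersion begins with a dotted major.minor.patch number (any build suffix is ignored); both assumptions are marked in the code.

```powershell
# Added example (not from the Zoom bulletin or the article): flag Zoom Workplace
# for Windows installs older than 6.6.0, the first release fixing CVE-2026-30903.
# Assumptions: Zoom appears in the Uninstall hives with a DisplayName starting
# with "Zoom" and a DisplayVersion that begins with major.minor.patch. Run in an
# elevated session to see per-machine installs; per-user installs are listed
# under HKCU for the user running the script.

$FixedVersion = [version]'6.6.0'   # fixed release stated in the advisory

$UninstallPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ZoomInstall {
    # Emits one object per Zoom Uninstall entry with a parsed version and a Patched flag.
    foreach ($entry in Get-ItemProperty -Path $UninstallPaths -ErrorAction SilentlyContinue) {
        if ($entry.DisplayName -notlike 'Zoom*') { continue }
        # DisplayVersion may carry a build suffix such as "6.5.3 (12345)" (assumed format);
        # keep only the leading major.minor.patch part so [version] can parse it.
        if ($entry.DisplayVersion -notmatch '^(\d+)\.(\d+)\.(\d+)') { continue }
        $ver = [version]('{0}.{1}.{2}' -f $Matches[1], $Matches[2], $Matches[3])
        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $ver
            Patched = ($ver -ge $FixedVersion)
            Key     = ($entry.PSPath -replace '^.*::', '')
        }
    }
}

$installs = @(Get-ZoomInstall)
if ($installs.Count -eq 0) {
    Write-Output 'No Zoom entries found in the Uninstall keys.'
} else {
    $installs | Format-Table Name, Version, Patched, Key -AutoSize
    $vulnerable = @($installs | Where-Object { -not $_.Patched })
    if ($vulnerable.Count -gt 0) {
        Write-Warning ('{0} Zoom install(s) older than {1}; update to 6.6.0 or later.' -f $vulnerable.Count, $FixedVersion)
        exit 1
    }
}
```

The script exits with status 1 when any install is below 6.6.0, so it can be dropped into a scheduled task or an endpoint-management compliance check; the per-user HKCU hive is only visible for the account the script runs under, so fleet-wide coverage needs it run in each user's context or via a tool that enumerates loaded user hives.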

CVSS Scores

Here’s a breakdown of the CVSS scores for the identified vulnerabilities:

  • CVE-2026-30903: CVSS v2 Base Score: 10, CVSS v3 Base Score: 9.6 [1]
  • CVE-2026-30902: CVSS v2 Base Score: 7.8 [2]
  • CVE-2026-30900: CVSS v2 Base Score: 7.8 [2]
  • CVE-2026-30901: CVSS v2 Base Score: 7.0 [2]

For more information, refer to the Zoom Security Bulletin.
