HIGH🇵🇱 Wersja polska

CVE-2026-30900

CVSS 7.8v3.1pub. 2026-03-11upd. 2026-05-14

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Zoom Meeting Software Development Kit

    APP
    Zoom
    6.6.0 – 6.6.11 (bez)
  • Zoom Workplace Desktop

    APP
    Zoom
    6.6.0 – 6.6.11 (bez)
  • Zoom Workplace Virtual Desktop Infrastructure

    APP
    Zoom
    ≤ 6.6.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-30903CRITICAL9.6PL ✓ten sam produkt

Zoom Workplace dla Windows — privilege escalation przez kontrolę ścieżki pliku w funkcji Mail

CVE-2025-49457CRITICAL9.6PL ✓ten sam produkt

Untrusted search path w klientach Zoom dla Windows — privilege escalation przez sieć

CVE-2024-24691CRITICAL9.6PL ✓ten sam produkt

Privilege escalation w Zoom Desktop Client, VDI Client i Meeting SDK dla Windows

CVE-2026-53408HIGH8.1ten sam produkt

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and...

CVE-2026-30905HIGH7.8ten sam produkt

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before vers...