Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HZoom Meeting Software Development Kit
APPZoom6.6.0 – 6.6.11 (bez)Zoom Workplace Desktop
APPZoom6.6.0 – 6.6.11 (bez)Zoom Workplace Virtual Desktop Infrastructure
APPZoom≤ 6.6.10
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2026-30903CRITICAL9.6PL ✓ten sam produkt
Zoom Workplace dla Windows — privilege escalation przez kontrolę ścieżki pliku w funkcji Mail
CVE-2025-49457CRITICAL9.6PL ✓ten sam produkt
Untrusted search path w klientach Zoom dla Windows — privilege escalation przez sieć
CVE-2024-24691CRITICAL9.6PL ✓ten sam produkt
Privilege escalation w Zoom Desktop Client, VDI Client i Meeting SDK dla Windows
CVE-2026-53408HIGH8.1ten sam produkt
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and...
CVE-2026-30905HIGH7.8ten sam produkt
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before vers...