CVE-2026-30905

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

high 7.8 CVSS 3.1
Published: May 13, 2026
Modified: Jun 3, 2026
Vendor: Zoom
Product: Workplace Virtual Desktop Infrastructure

Description

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

References

Related CVEs

CVE-2026-30904 low · 1.8
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.
CVE-2026-30906 high · 7.8
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.