Zoom Workplace for Windows Vulnerability (CVE-2026-30903)
Posted on
March 20, 2026
Information Security Advisory
A recently disclosed vulnerability in Zoom Workplace for Windows ( CVE‑2026‑30903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths.
Severity level: CVSS Score: 9.6/Critical Description: Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this component fails to properly validate file paths, enabling attackers to manipulate file system operations. This flaw allows an unauthenticated remote attacker to manipulate file system operations by supplying crafted path inputs. As a result, the attacker may escalate privileges on the affected system, gaining unauthorized access or control. Affected Versions: Zoom Workplace for Windows before version 6.6.0. Impact: Successful exploitation potentially allows attackers to Escalate privileges on the target systems. Resolution: Upgrade to Zoom Workplace for Windows version 6.6.0 or later immediately. Reference:
