{"id":39751,"date":"2026-03-20T10:48:53","date_gmt":"2026-03-20T14:48:53","guid":{"rendered":"https:\/\/www.yorku.ca\/uit\/?p=39751"},"modified":"2026-03-20T09:53:18","modified_gmt":"2026-03-20T14:53:18","slug":"zoom-workplace-for-windows-vulnerability-cve-2026-30903","status":"publish","type":"post","link":"https:\/\/www.yorku.ca\/uit\/2026\/03\/zoom-workplace-for-windows-vulnerability-cve-2026-30903\/","title":{"rendered":"Zoom Workplace for Windows Vulnerability (CVE-2026-30903)"},"content":{"rendered":"
\n
\n
\n

 <\/o:p><\/p>\n

\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n\n\n
\n

\"A<\/span><\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

Information Security Advisory<\/span><\/b><\/o:p><\/span><\/span><\/p>\n


A recently disclosed vulnerability in Zoom Workplace for Windows ( CVE\u20112026\u201130903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths.<\/o:p><\/span><\/p>\n

Severity level:
<\/span><\/b>CVSS Score: 9.6\/Critical

Description<\/b>:
Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this component fails to properly validate file paths, enabling attackers to manipulate file system operations. This flaw allows an unauthenticated remote attacker to manipulate file system operations by supplying crafted path inputs. As a result, the attacker may escalate privileges on the affected system, gaining unauthorized access or control.
<\/span>
Affected Versions:
<\/b>Zoom Workplace for Windows before version 6.6.0.

Impact:
<\/b>Successful exploitation potentially allows attackers to Escalate privileges on the target systems.
<\/span>
Resolution:
<\/b>Upgrade to Zoom Workplace for Windows version 6.6.0 or later immediately.
<\/span>
Reference:<\/b><\/span><\/o:p><\/span><\/p>\n

https:\/\/www.zoom.com\/en\/trust\/security-bulletin\/<\/span><\/a><\/span><\/o:p><\/span><\/p>\n

https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-30903<\/span><\/a><\/span><\/o:p><\/span><\/p>\n

https:\/\/www.tenable.com\/cve\/CVE-2026-30903\/plugins<\/span><\/a><\/span><\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p>\n

<\/p>\n

Information Security<\/span> <\/o:p><\/span><\/p>\n

<\/p>\n

Contact <\/span><\/b><\/o:p><\/span><\/p>\n

IT Client Services at <\/span>askIT@yorku.ca<\/a><\/span><\/a> or 416 736 5800 <\/o:p><\/span><\/span><\/p>\n<\/td>\n<\/tr>\n

\n

 <\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n

\n\n\n\n
\n\n\n\n\n
\n

 <\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n

\n\n\n\n
\n\n\n\n
\n\n\n\n\n
<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n\n\n\n
\n

PRIVACY POLICY<\/span><\/a> | <\/span>VISIT WWW.YORKU.CA<\/span><\/a>
This email was sent by: ¿ì²¥ÊÓƵ, 4700 Keele Street, Toronto, Ontario M3J 1P3<\/b> <\/span><\/o:p><\/span><\/p>\n

This email is viewed best in Microsoft Outlook for web <\/span><\/o:p><\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n

 <\/o:p><\/span><\/p>\n

 <\/o:p><\/span><\/p><\/div>\n<\/p><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

    Information Security Advisory A recently disclosed vulnerability in Zoom Workplace for Windows ( CVE\u20112026\u201130903) allows unauthenticated remote attackers to escalate privileges by exploiting improper control of file names or paths. Severity level: CVSS Score: 9.6\/Critical Description: Zoom Workplace for Windows includes a Mail feature that processes user-supplied file references. In vulnerable versions, this […]<\/p>\n","protected":false},"author":212,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_kad_blocks_custom_css":"","_kad_blocks_head_custom_js":"","_kad_blocks_body_custom_js":"","_kad_blocks_footer_custom_js":"","footnotes":""},"categories":[29],"tags":[],"class_list":["post-39751","post","type-post","status-publish","format-standard","hentry","category-news"],"taxonomy_info":{"category":[{"value":29,"label":"News"}]},"featured_image_src_large":false,"author_info":{"display_name":"aalaily","author_link":"https:\/\/www.yorku.ca\/uit\/author\/aalaily\/"},"comment_info":"","category_info":[{"term_id":29,"name":"News","slug":"news","term_group":0,"term_taxonomy_id":3,"taxonomy":"category","description":"","parent":0,"count":487,"filter":"raw","cat_ID":29,"category_count":487,"category_description":"","cat_name":"News","category_nicename":"news","category_parent":0}],"tag_info":false,"_links":{"self":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts\/39751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/users\/212"}],"replies":[{"embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/comments?post=39751"}],"version-history":[{"count":0,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/posts\/39751\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/media?parent=39751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/categories?post=39751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.yorku.ca\/uit\/wp-json\/wp\/v2\/tags?post=39751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}