Zoom Workplace Clients for Windows - Improper Check

Bulletin: ZSB-26002
CVEID: CVE-2026-30900
CVSS Severity: High
CVSS Score: 7.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description:

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Windows before version 6.6.11 in the 6.6.x branch
Zoom Workplace VDI Client for Windows version 6.6.10 specifically (VDI branches below 6.6.x are not affected)
Zoom Meeting SDK for Windows before version 6.6.11 in the 6.6.x branch

Source:

Reported by sim0nsecurity

Revision	Date	Description
1.0	03/10/2026	Initial publication

Zoom Workplace Clients for Windows - Improper Check

Subscribe for updates