Zoom Workplace VDI Plugin for Windows - External Control of File Name or Path

Bulletin: ZSB-26007
CVEID: CVE-2026-30905
CVSS Severity: High
CVSS Score: 7.8
CVSS Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Description:

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privledge via local access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace VDI Plugin version 6.6.10

Source:

Reported by sim0nsecurity

Revision	Date	Description
1.0	05/12/2026	Initial publication.

Zoom Workplace VDI Plugin for Windows - External Control of File Name or Path

Subscribe for updates