Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation

Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite.

The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable by unauthenticated remote attackers with no prior system access.

The most severe vulnerability, tracked as CVE-2026-30903 (ZSB-26005), is classified as Critical and targets the Mail feature within Zoom Workplace for Windows.

The flaw stems from External Control of File Name or Path, a weakness that lets an attacker manipulate file references to execute unauthorized operations. An unauthenticated user could exploit this vulnerability via network access to escalate privileges on affected systems.

The CVSS vector confirms that the attack requires no authentication and can be launched remotely, making it the most dangerous of the four disclosures. All Zoom Workplace for Windows installations running versions prior to 6.6.0 are affected.

Privilege Management and Input Validation Vulnerabilities

Three additional High-severity vulnerabilities round out the disclosure batch. CVE-2026-30902 (ZSB-26004) affects Zoom Clients for Windows and involves Improper Privilege Management, where incorrectly assigned user privileges could be abused to gain unauthorized elevated access.

CVE-2026-30901 (ZSB-26003) targets Zoom Rooms for Windows and involves Improper Input Validation, a class of vulnerability that allows malformed or unexpected inputs to trigger unintended behaviors, potentially including code execution or privilege changes.

CVE-2026-30900 (ZSB-26002) affects Zoom Workplace Clients for Windows and is described as an Improper Check flaw, suggesting a failure in verification logic that could be leveraged to bypass access controls.

Zoom has consistently patched similar Windows-side privilege escalation issues in recent cycles, including a Critical CVE-2025-49457 (CVSS 9.6) disclosed in August 2025, which also allowed unauthenticated network-based privilege escalation across multiple Windows clients.

CVE ID	Bulletin	Product	Vulnerability Type	Severity	Published
CVE-2026-30903	ZSB-26005	Zoom Workplace for Windows	External Control of File Name or Path	Critical	03/10/2026
CVE-2026-30902	ZSB-26004	Zoom Clients for Windows	Improper Privilege Management	High	03/10/2026
CVE-2026-30901	ZSB-26003	Zoom Rooms for Windows	Improper Input Validation	High	03/10/2026
CVE-2026-30900	ZSB-26002	Zoom Workplace Clients for Windows	Improper Check	High	03/10/2026

Mitigations

Zoom has issued patches addressing all four vulnerabilities. Organizations and individual users should take the following steps immediately:

• Update all Zoom Workplace for Windows installations to version 6.6.0 or later.
• Update Zoom Rooms for Windows and Zoom Clients for Windows to the latest available build.
• Download updates directly from the official Zoom download portal at zoom.us/download.
• Prioritize patching endpoints where Zoom Workplace is actively used, particularly in email-intensive or enterprise virtual desktop environments.
• Audit user privilege configurations within Zoom deployments to limit blast radius in the event of exploitation.
• Monitor network traffic for anomalous Zoom-related file access patterns that may indicate exploitation attempts against CVE-2026-30903.

Zoom urges all Windows users to apply these updates without delay, noting that no additional mitigations are available outside of upgrading to the patched version.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation appeared first on Cyber Security News.