CVE-2026-30900
Received - Intake
Privilege Escalation via Version Check Flaw in Zoom Windows Client

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: Zoom Video Communications, Inc.

Description
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Meta Information
Published: 2026-03-11
Last Modified: 2026-03-11
Generated: 2026-06-16
AI Q&A: 2026-03-11
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 4 associated CPEs

Vendor  Product        Version / Range
zoom    workplace      up to 6.6.11 (exclusive)
zoom    workplace_vdi  up to 6.6.10 (exclusive)
zoom    meeting_sdk    up to 6.6.11 (exclusive)
zoom    zoom_client    *

CWE ID   Description
CWE-754  The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the product.

Executive Summary

CVE-2026-30900 is a high-severity vulnerability in certain Zoom Workplace Clients for Windows. It occurs due to an improper check of the minimum version in the update functionality. This flaw may allow an authenticated user with local access and low privileges to escalate their privileges on the system without requiring any user interaction.

The vulnerability specifically affects Zoom Workplace for Windows versions before 6.6.11 in the 6.6.x branch, Zoom Workplace VDI Client for Windows version 6.6.10, and Zoom Meeting SDK for Windows before version 6.6.11 in the 6.6.x branch.

Impact Analysis

This vulnerability can impact you by allowing an authenticated local user with low privileges to escalate their privileges on the affected Zoom client software. This escalation can compromise the confidentiality, integrity, and availability of the system.

Because the attacker can gain higher privileges, they may be able to access sensitive information, modify data, or disrupt services on the affected machine.

Detection Guidance

This vulnerability affects certain Zoom Workplace Clients for Windows versions before 6.6.11 in the 6.6.x branch, Zoom Workplace VDI Client for Windows version 6.6.10, and Zoom Meeting SDK for Windows before version 6.6.11 in the 6.6.x branch.

To detect if your system is vulnerable, you should check the installed Zoom client version on your Windows machines.

  • Open Command Prompt or PowerShell and run: wmic product where "name like '%Zoom%'" get Name, Version
  • Alternatively, check the version via the Zoom client interface under Help > About Zoom.

If the version is below 6.6.11 (or 6.6.10 for VDI client), the system is vulnerable. [1]
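
The same version check as a PowerShell inventory script, added here as an example (it is not from Zoom or from the original page). It reads the standard Windows Uninstall registry keys instead of wmic, which is deprecated on current Windows releases, and applies the thresholds stated above; matching the VDI client by "VDI" in the display name and the DisplayVersion format are assumptions.

```powershell
# Added example. Assumptions: Zoom registers under the standard Windows
# "Uninstall" registry keys and DisplayVersion begins with a dotted version.
$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'  # current user only
)

function Get-ZoomFixedVersion {
    param([string]$DisplayName)
    # Thresholds as stated on this page: 6.6.10 for the VDI client, 6.6.11 otherwise.
    # Assumption: the VDI client has "VDI" in its display name.
    if ($DisplayName -match 'VDI') { [version]'6.6.10' } else { [version]'6.6.11' }
}

function Test-ZoomVersion {
    param([string]$DisplayName, [string]$DisplayVersion)
    # Keep only the leading numeric part, e.g. "6.6.9 (1234)" -> 6.6.9.
    if ($DisplayVersion -notmatch '^\s*(\d+(\.\d+){1,3})') { return 'Unknown' }
    $installed = [version]$Matches[1]
    $fixed     = Get-ZoomFixedVersion -DisplayName $DisplayName
    if ($installed -lt $fixed) { 'Vulnerable' } else { 'Patched' }
}

# Inventory of this machine (machine-wide keys plus the current user's hive).
$results = foreach ($root in $UninstallRoots) {
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Zoom*' } |
        ForEach-Object {
            [pscustomobject]@{
                Name    = $_.DisplayName
                Version = $_.DisplayVersion
                Status  = Test-ZoomVersion $_.DisplayName $_.DisplayVersion
                Source  = $_.PSPath -replace '^.*::', ''
            }
        }
}
$results | Sort-Object Status, Name | Format-Table -AutoSize

# Constructed sample values (not real inventory) showing the classification.
@(
    @{ N = 'Zoom Workplace';     V = '6.6.9 (1234)' },   # Vulnerable
    @{ N = 'Zoom Workplace';     V = '6.6.11.5678' },    # Patched
    @{ N = 'Zoom VDI (sample)';  V = '6.6.10' },         # Patched
    @{ N = 'Zoom Workplace';     V = '' }                # Unknown
) | ForEach-Object { '{0,-20} {1,-14} {2}' -f $_.N, $_.V, (Test-ZoomVersion $_.N $_.V) }
```

Because the HKCU hive belongs to the account running the script, per-user installs for other accounts on a shared machine need the script run in each user's context.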

Mitigation Strategies

The immediate mitigation step is to update the affected Zoom clients to the latest versions.

  • Update Zoom Workplace Clients for Windows to version 6.6.11 or later.
  • Update Zoom Workplace VDI Client for Windows to version 6.6.10 or later.
  • Update Zoom Meeting SDK for Windows to version 6.6.11 or later.

Users can download the latest updates from https://zoom.us/download.
