CVE-2026-30900
Received
Received - Intake
Privilege Escalation via Version Check Flaw in Zoom Windows Client
Vulnerability report for CVE-2026-30900, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: Zoom Video Communications, Inc.
Description
Description
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| zoom | workplace | to 6.6.11 (exc) |
| zoom | workplace_vdi | to 6.6.10 (exc) |
| zoom | meeting_sdk | to 6.6.11 (exc) |
| zoom | zoom_client | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |