CVE-2026-30902
Received Received - Intake
Improper Privilege Management in Zoom Windows Client Enables Escalation

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: Zoom Video Communications, Inc.

Description
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30902
EUVD
EUVD-2026-11168
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
zoom workplace to 6.6.0 (exc)
zoom workplace_vdi_client to 6.4.15 (exc)
zoom workplace_vdi_client to 6.5.13 (exc)
zoom workplace_vdi_client to 6.6.10 (exc)
zoom rooms to 6.6.0 (exc)
zoom zoom_clients *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30902 is a high-severity vulnerability in certain Zoom Clients for Windows caused by improper privilege management.

This flaw allows an authenticated user who has local access to the system to escalate their privileges beyond what they are normally allowed.

In other words, a user with limited permissions could gain higher-level access, potentially compromising the system.

Impact Analysis

The vulnerability can lead to a full compromise of confidentiality, integrity, and availability of the affected system.

  • Confidentiality: Unauthorized access to sensitive information.
  • Integrity: Unauthorized modification or corruption of data.
  • Availability: Potential disruption or denial of service.

This is because an authenticated local user can escalate privileges, gaining control over system resources and data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, users should apply the latest updates available from Zoom.

  • Update Zoom Workplace for Windows to version 6.6.0 or later.
  • Update Zoom Workplace VDI Client for Windows to versions 6.4.15, 6.5.13, 6.6.10 or later in their respective branches.
  • Update Zoom Rooms for Windows to version 6.6.0 or later.

The latest updates can be found at https://zoom.us/download.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30902. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart