CVE-2026-30902
Received Received - Intake
Improper Privilege Management in Zoom Windows Client Enables Escalation

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: Zoom Video Communications, Inc.

Description
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-05-07
AI Q&A
2026-03-11
EPSS Evaluated
2026-05-05
NVD
CVE-2026-30902
EUVD
EUVD-2026-11168
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
zoom workplace to 6.6.0 (exc)
zoom workplace_vdi_client to 6.4.15 (exc)
zoom workplace_vdi_client to 6.5.13 (exc)
zoom workplace_vdi_client to 6.6.10 (exc)
zoom rooms to 6.6.0 (exc)
zoom zoom_clients *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30902 is a high-severity vulnerability in certain Zoom Clients for Windows caused by improper privilege management.

This flaw allows an authenticated user who has local access to the system to escalate their privileges beyond what they are normally allowed.

In other words, a user with limited permissions could gain higher-level access, potentially compromising the system.


How can this vulnerability impact me? :

The vulnerability can lead to a full compromise of confidentiality, integrity, and availability of the affected system.

  • Confidentiality: Unauthorized access to sensitive information.
  • Integrity: Unauthorized modification or corruption of data.
  • Availability: Potential disruption or denial of service.

This is because an authenticated local user can escalate privileges, gaining control over system resources and data.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, users should apply the latest updates available from Zoom.

  • Update Zoom Workplace for Windows to version 6.6.0 or later.
  • Update Zoom Workplace VDI Client for Windows to versions 6.4.15, 6.5.13, 6.6.10 or later in their respective branches.
  • Update Zoom Rooms for Windows to version 6.6.0 or later.

The latest updates can be found at https://zoom.us/download.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart