CVE-2026-30903
Received Received - Intake
Path Traversal in Zoom Workplace Mail Enables Privilege Escalation

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: Zoom Video Communications, Inc.

Description
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30903
EUVD
EUVD-2026-11170
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
zoom workplace_vdi_client to 6.6.10 (exc)
zoom workplace_vdi_client to 6.5.15 (exc)
zoom workplace_vdi_client to 6.4.17 (exc)
zoom workplace to 6.6.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-30903 is a critical vulnerability in the Mail feature of Zoom Workplace for Windows versions prior to 6.6.0. It involves external control of file names or paths, which allows an unauthenticated attacker to manipulate these file names or paths via network access.

This manipulation can lead to an escalation of privilege, meaning the attacker can gain higher-level access or control over the affected system without proper authentication.

Impact Analysis

This vulnerability can have a severe impact as it allows an unauthenticated attacker to escalate their privileges on the affected system remotely via network access.

Such an escalation can lead to full compromise of confidentiality, integrity, and availability of the system, potentially allowing the attacker to execute arbitrary code, access sensitive data, or disrupt services.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, users should apply the latest updates available from Zoom.

  • Update Zoom Workplace for Windows to version 6.6.0 or later.
  • Update Zoom Workplace VDI Client for Windows to versions 6.4.17, 6.5.15, 6.6.10 or later in their respective branches.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30903. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart