{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30900", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2026-03-06T18:44:57.630Z", "datePublished": "2026-03-11T14:44:36.366Z", "dateUpdated": "2026-03-12T03:55:30.656Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-03-11T14:44:36.366Z"}, "title": "Zoom Workplace Clients for Windows - Improper Check", "datePublic": "2026-03-10T12:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions", "type": "CWE"}]}], "affected": [{"vendor": "Zoom Communications Inc.", "product": "Zoom Workplace", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "6.6.0", "lessThan": "6.6.11", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26002"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-30900"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-12T03:55:30.656Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30900", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-11T14:58:27.510223Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T14:58:44.254Z"}}], "cna": {"title": "Zoom Workplace Clients for Windows - Improper Check", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications Inc.", "product": "Zoom Workplace", "versions": [{"status": "affected", "version": "6.6.0", "lessThan": "6.6.11", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2026-03-10T12:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26002"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754: Improper Check for Unusual or Exceptional Conditions"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-03-11T14:44:36.366Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30900", "state": "PUBLISHED", "dateUpdated": "2026-03-12T03:55:30.656Z", "dateReserved": "2026-03-06T18:44:57.630Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2026-03-11T14:44:36.366Z", "assignerShortName": "Zoom"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*", "matchCriteriaId": "FD804C73-54B7-4FF6-ADEF-EB279977FAF3", "versionEndExcluding": "6.6.11", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*", "matchCriteriaId": "C04F1CBB-A53C-421A-BBA5-6EC3B2CB4BE3", "versionEndExcluding": "6.6.11", "versionStartIncluding": "6.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "matchCriteriaId": "EB3D3897-5003-4611-96FE-11E50164E4E6", "versionEndIncluding": "6.6.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access."}, {"lang": "es", "value": "Verificaci\u00f3n incorrecta de la versi\u00f3n m\u00ednima en la funcionalidad de actualizaci\u00f3n de ciertos Clientes de Zoom para Windows podr\u00eda permitir a un usuario autenticado realizar una escalada de privilegios a trav\u00e9s de acceso local."}], "id": "CVE-2026-30900", "lastModified": "2026-05-14T21:06:34.453", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2026-03-11T15:16:29.787", "references": [{"source": "security@zoom.us", "tags": ["Vendor Advisory"], "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26002"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "security@zoom.us", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["windows"], "status": "affected", "versions": {"scheme": "semver", "value": "[6.6.0,6.6.11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Zoom Workplace", "source": "cna", "vendor": "Zoom Communications Inc."}, "product": "workplace", "vendor": "zoom"}], "analysis": {"en": {"generated_at": "2026-03-17T16:00:44.380217+00:00", "value": {"mitigation_remediation": ["Apply the Zoom Workplace update that addresses CVE-2026-30900 as published by Zoom. If a patch is not yet available, disable automatic or manual update functionality for Zoom Workplace Clients until a vendor release is issued. Verify that clients are running only authorized, patched versions and monitor for any unauthorized configuration changes."], "summary": {"action": "Immediate Patch", "impact": "Local privilege escalation"}, "threat_synthesis": {"affected_systems": "The vulnerability impacts Zoom Communications Inc. Zoom Workplace clients for Windows. No specific affected version range is listed in the provided information.", "description_and_impact": "Zoom Workplace Clients for Windows contain an improper check of the minimum required version during the update process. The flaw allows an authenticated local user to trigger the update mechanism in a way that bypasses the expected version validation, giving the user the ability to elevate privileges on the affected system.", "risk_and_exploitability": "The CVSS score of 7.8 indicates a high severity for potential exploitation. The EPSS score is reported as less than 1%, suggesting a low probability of active exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Attackers must be authenticated and have local access to the victim machine, making the primary attack vector local. Given that the flaw permits escalation of privilege, the resulting impact could allow a local attacker to gain elevated permissions, potentially compromising system integrity and all user data on the host."}}}}, "created": "2026-03-12T10:05:51.223643+00:00", "updated": "2026-03-20T14:37:12.778316+00:00", "vendors": ["zoom", "zoom$PRODUCT$workplace"]}