Zoom Workplace for Windows Vulnerabilities Allow Privilege Escalation - CyberSecurityNews

CyberSecurityNews Archived Mar 24, 2026 ✓ Full text saved

Zoom has released four security bulletins on March 10, 2026, disclosing multiple vulnerabilities across its Windows-based client suite. The flaws, ranging from High to Critical severity, could allow attackers to escalate privileges on affected systems, with one critical flaw exploitable by unauthenticated remote attackers with no prior system access.

The most severe vulnerability, tracked as CVE-2026-30903 (ZSB-26005), is classified as Critical and targets the Mail feature within Zoom Workplace for Windows. The flaw stems from External Control of File Name or Path, a weakness that lets an attacker manipulate file references to execute unauthorized operations. An unauthenticated user could exploit this vulnerability via network access to escalate privileges on affected systems. The CVSS vector confirms that the attack requires no authentication and can be launched remotely, making it the most dangerous of the four disclosures. All Zoom Workplace for Windows installations running versions prior to 6.6.0 are affected.

Privilege Management and Input Validation Vulnerabilities

Three additional High-severity vulnerabilities round out the disclosure batch.

CVE-2026-30902 (ZSB-26004) affects Zoom Clients for Windows and involves Improper Privilege Management, where incorrectly assigned user privileges could be abused to gain unauthorized elevated access.

CVE-2026-30901 (ZSB-26003) targets Zoom Rooms for Windows and involves Improper Input Validation, a class of vulnerability that allows malformed or unexpected inputs to trigger unintended behaviors, potentially including code execution or privilege changes.

CVE-2026-30900 (ZSB-26002) affects Zoom Workplace Clients for Windows and is described as an Improper Check flaw, suggesting a failure in verification logic that could be leveraged to bypass access controls.

Zoom has consistently patched similar Windows-side privilege escalation issues in recent cycles, including a Critical CVE-2025-49457 (CVSS 9.6) disclosed in August 2025, which also allowed unauthenticated network-based privilege escalation across multiple Windows clients.

| CVE ID | Bulletin | Product | Vulnerability Type | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-30903 | ZSB-26005 | Zoom Workplace for Windows | External Control of File Name or Path | Critical | 03/10/2026 |
| CVE-2026-30902 | ZSB-26004 | Zoom Clients for Windows | Improper Privilege Management | High | 03/10/2026 |
| CVE-2026-30901 | ZSB-26003 | Zoom Rooms for Windows | Improper Input Validation | High | 03/10/2026 |
| CVE-2026-30900 | ZSB-26002 | Zoom Workplace Clients for Windows | Improper Check | High | 03/10/2026 |

Mitigations

Zoom has issued patches addressing all four vulnerabilities. Organizations and individual users should take the following steps immediately:

- Update all Zoom Workplace for Windows installations to version 6.6.0 or later.
- Update Zoom Rooms for Windows and Zoom Clients for Windows to the latest available build.
- Download updates directly from the official Zoom download portal at zoom.us/download.
- Prioritize patching endpoints where Zoom Workplace is actively used, particularly in email-intensive or enterprise virtual desktop environments.
- Audit user privilege configurations within Zoom deployments to limit blast radius in the event of exploitation.
- Monitor network traffic for anomalous Zoom-related file access patterns that may indicate exploitation attempts against CVE-2026-30903.

Zoom urges all Windows users to apply these updates without delay, noting that no additional mitigations are available outside of upgrading to the patched version.
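
The 6.6.0 update threshold from the mitigation list, applied to a software-inventory export. This is an added example, not code from the article or from Zoom. The CSV columns, hostnames, display names and version strings are constructed assumptions; only Zoom Workplace gets a version verdict because the article states a fixed version for that product alone.

```python
import csv
import io
import re

# From the article: Zoom Workplace for Windows versions prior to 6.6.0 are affected.
FIXED_WORKPLACE = (6, 6, 0)

# Constructed sample inventory export (all hosts, names and versions are made up).
SAMPLE_INVENTORY = """host,display_name,version
WS-001,Zoom Workplace,6.5.12 (9876)
WS-002,Zoom Workplace,6.10.1.4455
WS-003,Zoom Workplace,6.6.0
WS-004,Zoom Rooms,6.4.0
WS-005,Zoom Workplace,unknown
WS-006,7-Zip,24.08
"""

def parse_version(text):
    """Return (major, minor, patch), or None if no dotted version is present."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(inventory_csv):
    """Map host -> (name, raw_version, status) for every Zoom row."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        name = row["display_name"].strip()
        if not name.lower().startswith("zoom"):
            continue  # not a Zoom product
        ver = parse_version(row["version"])
        if ver is None:
            status = "unparsed"        # needs a manual look, never assume patched
        elif "workplace" in name.lower():
            # Numeric tuple compare: as strings, "6.10.1" would sort below "6.6.0".
            status = "update" if ver < FIXED_WORKPLACE else "ok"
        else:
            status = "check-bulletin"  # article gives no fixed version for this product
        results[row["host"]] = (name, row["version"], status)
    return results

if __name__ == "__main__":
    for host, (name, ver, status) in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:8} {name:16} {ver:16} {status}")
```

Rows marked `unparsed` or `check-bulletin` are left for manual review against the relevant Zoom bulletin.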

Article Info: Source: CyberSecurityNews | Category: Vulnerabilities & CVEs | Published: Mar 24, 2026 | Archived: Mar 24, 2026