External Control of File Name Vulnerability in Zoom Workplace for Windows

CVE-2026-30903

What is CVE-2026-30903?

CVE-2026-30903 is a vulnerability in Zoom Workplace for Windows, specifically affecting versions prior to 6.6.0. This flaw is categorized as an "External Control of File Name" vulnerability, which enables unauthenticated users to manipulate file names or paths through the Mail feature. The potential exploitation of this vulnerability could allow attackers to escalate their privileges without appropriate authentication, potentially granting them unauthorized access to sensitive information or control over various functionalities within the application. Given Zoom's widespread use for business communication and collaboration, the implications of this vulnerability could be far-reaching, affecting organizational workflows and data security.

Potential impact of CVE-2026-30903

1. Unauthorized Access: Due to the nature of the vulnerability, an unauthenticated user could leverage it to gain elevated privileges, resulting in unauthorized access to sensitive data or features within the Zoom application.

2. Data Leakage: If exploited, this vulnerability could lead to the unauthorized disclosure of confidential communications or business-related documents, posing a significant risk to organizational privacy and compliance.

3. Widespread Disruption: The exploitation of the vulnerability may enable attackers to disrupt communications and operational processes within affected organizations, leading to downtime and adversely impacting productivity.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References