Escalation of Privilege in Zoom Workplace VDI Plugin for Windows
CVE-2026-30905

7.8HIGH

Key Information:

Vendor: Zoom Communications
Status: Zoom Workplace Vdi Plugin
Vendor: CVE Published:; 13 May 2026

🔔 Create Zoom Communications Vulnerability Alert

What is CVE-2026-30905?

The Zoom Workplace VDI Plugin for Windows contains a vulnerability that could allow an authenticated user with local access to escalate their privileges. This specific flaw in the Universal Installer before version 6.6.11 may be exploited through the mishandling of file names or paths, posing a risk to the integrity and security of the affected systems.

Affected Version(s)

Zoom Workplace VDI Plugin Windows 0 < 6.6.11

References

https://www.zoom.com/en/trust/security-bulletin/zsb-26007

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 13, 2026
Vulnerability Reserved
Mar 6, 2026

CVE-2026-30905 Data

JSON