← back
CVE-2026-30900

Zoom Workplace Clients for Windows - Improper Check

CVSS 7.8 HIGHEPSS 0.1%CWE-754
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.8EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Zoom Communications Inc. · Zoom Workplace

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zoom.com/en/trust/security-bulletin/zsb-26002