← back
CVE-2026-30901

Zoom Rooms for Windows - Improper Input Validation

CVSS 7 HIGHEPSS 0.1%CWE-20
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Mar 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Zoom Communications Inc. · Zoom Rooms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zoom.com/en/trust/security-bulletin/zsb-26003