Description
Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2026-03-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Local privilege escalation
Action: Immediate Patch
AI Analysis

Impact

Zoom Workplace Clients for Windows contain an improper check of the minimum required version during the update process. The flaw allows an authenticated local user to trigger the update mechanism in a way that bypasses the expected version validation, giving the user the ability to elevate privileges on the affected system.

Affected Systems

The vulnerability impacts Zoom Communications Inc. Zoom Workplace clients for Windows. No specific affected version range is listed in the provided information.

Risk and Exploitability

The CVSS 3.1 base score of 7.8 rates this vulnerability as high severity. The EPSS score is reported as less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is local: an attacker must already be authenticated on the victim machine, and the CVSS vector indicates that low privileges suffice and no user interaction is needed. Because the flaw permits escalation of privilege, a local attacker could gain elevated permissions, potentially compromising system integrity and all user data on the host.

Generated by OpenCVE AI on March 17, 2026 at 16:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the Zoom Workplace update that addresses CVE-2026-30900 as published by Zoom. If a patch is not yet available, disable automatic or manual update functionality for Zoom Workplace Clients until a vendor release is issued. Verify that clients are running only authorized, patched versions and monitor for any unauthorized configuration changes.



Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Zoom; Zoom workplace
Vendors & Products | | Zoom; Zoom workplace

Thu, 12 Mar 2026 05:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 15:00:00 +0000

Type | Values Removed | Values Added
Description | | Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Title | | Zoom Workplace Clients for Windows - Improper Check
Weaknesses | | CWE-754
References | |
Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2026-03-12T03:55:30.656Z

Reserved: 2026-03-06T18:44:57.630Z

Link: CVE-2026-30900

Vulnrichment

Updated: 2026-03-11T14:58:44.254Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T15:16:29.787

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-30900

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:37:12Z

Weaknesses