Description
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2026-03-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an improper privilege management issue in certain Zoom Clients for Windows, allowing an authenticated local user to elevate privileges. This weakness is classified as CWE-269. An attacker who can log into the system could exploit this vulnerability to obtain higher-level permissions within the Zoom Workplace application.

Affected Systems

The affected product is the Zoom Communications Inc. Zoom Workplace client for Windows. Specific version numbers are not listed in the provided data, so all installed releases of Zoom Workplace on Windows may be vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. EPSS indicates a low likelihood (<1%) of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector requires local authenticated access, as implied by the vendor description that an "authenticated user" can conduct an escalation of privilege. No additional exploitation conditions are stated in the input.

Generated by OpenCVE AI on May 14, 2026 at 21:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the Zoom Workplace client update issued in Zoom Security Bulletin ZSB‑26004, which addresses improper privilege management.
  • Ensure all affected Windows PCs running Zoom Workplace are updated to the patched version, and remove any older installations that remain.
  • Implement local user privilege restrictions: limit local account permissions so that even authenticated users cannot gain elevated rights through Zoom; enforce least privilege and disable any settings that allow Zoom to assign administrative privileges.

Advisories

No advisories yet.

History

Thu, 14 May 2026 20:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zoom rooms, Zoom workplace Desktop, Zoom workplace Virtual Desktop Infrastructure |
| Weaknesses | | NVD-CWE-noinfo |
| CPEs | | `cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*`, `cpe:2.3:a:zoom:workplace_desktop:*:*:*:*:*:windows:*:*`, `cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*` |
| Vendors & Products | | Zoom rooms, Zoom workplace Desktop, Zoom workplace Virtual Desktop Infrastructure |

Thu, 12 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zoom, Zoom workplace |
| Vendors & Products | | Zoom, Zoom workplace |

Wed, 11 Mar 2026 16:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


Wed, 11 Mar 2026 15:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. |
| Title | | Zoom Clients for Windows - Improper Privilege Management |
| Weaknesses | | CWE-269 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` |


MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2026-03-12T03:55:32.802Z

Reserved: 2026-03-06T18:44:57.631Z

Link: CVE-2026-30902

Vulnrichment

Updated: 2026-03-11T15:56:04.401Z

NVD

Status: Analyzed

Published: 2026-03-11T15:16:30.103

Modified: 2026-05-14T20:28:46.300

Link: CVE-2026-30902

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T21:30:12Z
