Description
Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2026-03-11
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The flaw is an improper privilege management issue in certain Zoom Clients for Windows, allowing an authenticated local user to elevate privileges. This weakness is classified as CWE-269. An attacker who can log into the system could exploit this vulnerability to obtain higher-level permissions within the Zoom Workplace application.

Affected Systems

Affected products are Zoom Communications Inc. Zoom Workplace client for Windows. Specific version numbers are not listed in the provided data, so all installed releases of Zoom Workplace on Windows may be vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 7.8 indicates a high severity. EPSS indicates a low likelihood (<1%) of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector requires local authenticated access, as implied by the vendor description that an "authenticated user" can conduct an escalation of privilege. No additional exploitation conditions are stated in the input.

Generated by OpenCVE AI on March 17, 2026 at 16:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Verify Zoom Workplace client is up‑to‑date according to Zoom Security Bulletin ZSB‑26004.
  • Apply the latest Zoom client update on all Windows machines running Zoom Workplace.
  • After updating, confirm that the client version reflects the patched state (e.g., by checking the patch notes or the application’s version display).



Advisories

No advisories yet.

History

Thu, 12 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Zoom; Zoom workplace
Vendors & Products | | Zoom; Zoom workplace

Wed, 11 Mar 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 11 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Description | | Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.
Title | | Zoom Clients for Windows - Improper Privilege Management
Weaknesses | | CWE-269
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2026-03-12T03:55:32.802Z

Reserved: 2026-03-06T18:44:57.631Z

Link: CVE-2026-30902

Vulnrichment

Updated: 2026-03-11T15:56:04.401Z

NVD

Status: Awaiting Analysis

Published: 2026-03-11T15:16:30.103

Modified: 2026-03-12T21:08:22.643

Link: CVE-2026-30902

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T14:37:10Z

Weaknesses