Description
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.
Published: 2026-05-13
Score: 1.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A protection mechanism failure (CWE‑693) in Zoom Workplace for iOS before version 7.0.0 allows an authenticated user with physical access to the device to disclose sensitive information. The flaw is a lapse in the countermeasures that normally guard against data exposure during physical access, so an attacker who has already authenticated to Zoom can retrieve data that should otherwise remain protected.

Affected Systems

Zoom Communications’ Zoom Workplace application for iOS versions earlier than 7.0.0 is affected. Users of these older releases running the app on iOS devices are at risk if the device is physically accessed by an attacker.

Risk and Exploitability

The CVSS score of 1.8 indicates a low severity vulnerability. No EPSS score is available, and the flaw is not listed in the CISA KEV catalog. Exploitation requires physical access to a device where the user is already authenticated to the Zoom Workplace app. Because the attack vector is limited to physical possession and the vulnerability does not affect unauthenticated users or remote attackers, the overall risk to systems and data is minimal under normal circumstances.

Generated by OpenCVE AI on May 13, 2026 at 20:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Zoom Workplace for iOS to version 7.0.0 or later.
  • Use device management to enforce strong passcodes, screen lock, and restrict physical access to devices that have authenticated Zoom Workplace sessions.
  • Configure Zoom Workplace to require re‑authentication after device restarts or after a configurable period of inactivity, ensuring no unattended sessions remain active.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zoom; Zoom workplace |
| CPEs | | cpe:2.3:a:zoom:workplace:*:*:*:*:*:iphone_os:*:* |
| Vendors & Products | | Zoom; Zoom workplace |

Wed, 13 May 2026 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Zoom Workplace iOS Physical Access Information Disclosure |

Wed, 13 May 2026 20:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Zoom Communications; Zoom Communications zoom Workplace |
| Vendors & Products | | Zoom Communications; Zoom Communications zoom Workplace |

Wed, 13 May 2026 19:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Wed, 13 May 2026 18:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access. |
| Weaknesses | | CWE-693 |
| References | | |
| Metrics | | cvssV3_1 {'score': 1.8, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'} |


MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2026-05-13T18:49:31.960Z

Reserved: 2026-03-06T18:44:57.631Z

Link: CVE-2026-30904

Vulnrichment

Updated: 2026-05-13T18:49:23.511Z

NVD

Status: Analyzed

Published: 2026-05-13T19:17:05.210

Modified: 2026-06-03T01:22:50.007

Link: CVE-2026-30904

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T20:45:04Z

Weaknesses