Description
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
Published: 2026-05-13
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Zoom Rooms for Windows installer resolves something it needs at run time (the advisory does not say which file, or from which directory) by searching locations that a lower-privileged user can influence: CWE-426, untrusted search path. Windows installers normally run in an elevated context, so whatever the installer finds first is executed with those privileges. A local user who can place a file with the expected name in a directory that is consulted before the intended one (for this weakness class the usual candidates are a standard-user-writable entry in the system PATH, the directory the installer is launched from, or its current working directory) gets arbitrary code execution at the installer's privilege level. The CVSS vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) states what the advisory text leaves implicit: local access with low privileges is enough, no action by another user is required, and the outcome is full loss of confidentiality, integrity and availability on the host.
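As an added example (not code from the Zoom advisory or the OpenCVE page), the following PowerShell walks the machine-wide PATH in search order and reports every entry that a standard user could write to, or that does not exist. A user-writable or missing directory early in the search order is the precondition that turns an untrusted-search-path bug in an elevated installer into a working privilege escalation, so this is the first thing to check on a Zoom Rooms host. The list of low-privilege identities is an assumption about which groups a standard local user holds; adjust it for your environment.

```powershell
# Added example, not code from Zoom or OpenCVE. Lists directories in the machine
# PATH (in search order) that a standard user can write to, or that do not exist.
# Get-Acl only needs permission to read the ACL, so no elevation is required.

# Identities a low-privilege local user normally holds (assumption; extend as needed).
$lowPrivIdentities = @(
    'BUILTIN\Users',
    'NT AUTHORITY\Authenticated Users',
    'NT AUTHORITY\INTERACTIVE',
    'Everyone'
)

# Any of these rights lets a user drop or replace a file in the directory.
$writeMask = [System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             [System.Security.AccessControl.FileSystemRights]::WriteData -bor
             [System.Security.AccessControl.FileSystemRights]::Write -bor
             [System.Security.AccessControl.FileSystemRights]::Modify -bor
             [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-WeakSearchPathEntries {
    param(
        # Directories to check, in the order a search would consult them.
        # Defaults to the machine PATH, which is what an elevated process inherits.
        [string[]]$Directories = (
            [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
                Where-Object { $_.Trim() } |
                ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Trim()) }
        )
    )

    $order = 0
    foreach ($dir in $Directories) {
        $order++
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            # A missing entry is a finding too: whoever can create that directory
            # owns a slot in the search order, and there is no ACL to inspect.
            [PSCustomObject]@{ Order = $order; Directory = $dir; Finding = 'directory does not exist' }
            continue
        }
        try { $acl = Get-Acl -LiteralPath $dir }
        catch {
            [PSCustomObject]@{ Order = $order; Directory = $dir; Finding = "cannot read ACL: $($_.Exception.Message)" }
            continue
        }
        foreach ($ace in $acl.Access) {
            # Only Allow ACEs are considered; a matching Deny ACE would override
            # an Allow, so confirm any hit by hand before acting on it.
            if ($ace.AccessControlType -ne [System.Security.AccessControl.AccessControlType]::Allow) { continue }
            if ($lowPrivIdentities -notcontains $ace.IdentityReference.Value) { continue }
            if (($ace.FileSystemRights -band $writeMask) -ne 0) {
                [PSCustomObject]@{
                    Order     = $order
                    Directory = $dir
                    Finding   = "writable by $($ace.IdentityReference.Value): $($ace.FileSystemRights)"
                }
            }
        }
    }
}

Get-WeakSearchPathEntries | Format-Table -AutoSize
```

Pass `-Directories` explicitly to check other locations the installer might consult, for example the folder the installer package is stored in; an installer launched from a user-writable Downloads folder has that folder at the head of its search order regardless of what the PATH looks like.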

Affected Systems

Zoom Rooms for Windows, all versions before 7.0.0 (CPE: cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*). The weakness is only reachable by someone who already has local, authenticated access to the machine (AV:L, PR:L), so the hosts to worry about are those where standard or shared accounts can log on to the room system. The advisory names only the Zoom Rooms for Windows installer; no other Zoom products or platforms are listed.

Risk and Exploitability

The CVSS 3.1 base score of 7.8 (High) reflects local privilege escalation to full control of the host. The EPSS score is below 1% (Very Low), the CVE is not in the CISA KEV catalog, and the CISA SSVC assessment records Exploitation: none, Automatable: no, Technical Impact: total. No public exploitation is known at the time of writing, but the weakness class is well understood and simple to weaponise once the specific search path is identified, and it needs nothing beyond a low-privileged local account (AC:L, UI:N): a malicious insider, or an attacker who already has a foothold on the machine as a standard user, is the realistic threat.

Generated by OpenCVE AI on May 13, 2026 at 19:42 UTC.

Remediation

No vendor-supplied fix or workaround text is recorded on this page. The advisory itself scopes the flaw to versions before 7.0.0, so 7.0.0 is the first version not listed as affected.

OpenCVE Recommended Actions

  • Upgrade Zoom Rooms for Windows to 7.0.0 or later, the first version the advisory does not list as affected.
  • Until then, restrict who can run the installer: standard users should not be able to launch it, and administrators should run it from a directory standard users cannot write to, since the installer's own directory and its working directory are consulted early in the Windows search order.
  • Audit the directories in the machine PATH for write access by standard users, and monitor them and the Zoom Rooms installation directory for unexpected executables or DLLs; a user-writable search-path entry is the precondition that turns this weakness class into a working privilege escalation.
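To find which hosts still need the upgrade, the following PowerShell (an added example, not code from Zoom or OpenCVE) reads the Windows uninstall registry keys and flags any Zoom Rooms entry whose version is below 7.0.0. It assumes the product registers with a DisplayName starting with "Zoom Rooms"; adjust the pattern if your deployment records it differently. Vendors often append build tags to DisplayVersion, so the version string is trimmed to its leading dotted-numeric part before comparison, and entries that still do not parse are reported for manual review rather than silently skipped.

```powershell
# Added example, not code from Zoom or OpenCVE. Reports Zoom Rooms installs
# recorded in the Windows uninstall registry keys and flags versions below 7.0.0.
# Assumption: the product registers under an uninstall key whose DisplayName
# starts with "Zoom Rooms".

$fixedVersion = [version]'7.0.0'

# Native and WOW6432Node machine hives, plus per-user installs for the current user.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function ConvertTo-ComparableVersion {
    param([string]$DisplayVersion)
    # Keep only the leading dotted-numeric part ("6.4.5 (1234)" -> 6.4.5) so that
    # [version] can parse it. Returns $null when no such prefix exists.
    if ($DisplayVersion -match '^\s*(\d+(?:\.\d+){1,3})') {
        return [version]$Matches[1]
    }
    return $null
}

function Get-ZoomRoomsExposure {
    param([string]$NamePattern = 'Zoom Rooms*')
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path -Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue |
            Get-ItemProperty -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $NamePattern } |
            ForEach-Object {
                $parsed = ConvertTo-ComparableVersion $_.DisplayVersion
                if ($null -eq $parsed) { $status = 'unparseable version, check manually' }
                elseif ($parsed -lt $fixedVersion) { $status = 'AFFECTED (below 7.0.0)' }
                else { $status = 'not affected' }
                [PSCustomObject]@{
                    DisplayName    = $_.DisplayName
                    DisplayVersion = $_.DisplayVersion
                    Parsed         = $parsed
                    Status         = $status
                    RegistryKey    = $_.PSChildName
                }
            }
    }
}

Get-ZoomRoomsExposure | Format-Table -AutoSize
```

Run it through your endpoint management tooling to get a fleet-wide list; the per-user hive is only visible for the account the script runs as, so a system-context run will not see installs that users performed into their own profile.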

Generated by OpenCVE AI on May 13, 2026 at 19:42 UTC.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 02:30:00 +0000

Type    Values Removed    Values Added
CPEs    (none)            cpe:2.3:a:zoom:rooms:*:*:*:*:*:windows:*:*

Thu, 14 May 2026 15:00:00 +0000

Type                  Values Removed    Values Added
First Time appeared   (none)            Zoom, Zoom rooms
Vendors & Products    (none)            Zoom, Zoom rooms

Wed, 13 May 2026 20:00:00 +0000

Type    Values Removed    Values Added
Title   (none)            Privilege Escalation via Untrusted Search Path in Zoom Rooms Installer

Wed, 13 May 2026 19:30:00 +0000

Type      Values Removed    Values Added
Metrics   (none)            ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 13 May 2026 18:30:00 +0000

Type          Values Removed    Values Added
Description   (none)            Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
Weaknesses    (none)            CWE-426
References    (none)
Metrics       (none)            cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2026-05-15T03:56:06.142Z

Reserved: 2026-03-06T18:44:57.631Z

Link: CVE-2026-30906

Vulnrichment

Updated: 2026-05-13T18:52:58.852Z

NVD

Status: Analyzed

Published: 2026-05-13T19:17:05.540

Modified: 2026-06-03T01:25:17.520

Link: CVE-2026-30906

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-14T14:34:10Z

Weaknesses