1. Home
  2. CVE Database
  3. CVE-2026-30903
CRITICAL · 9.6

CVE-2026-30903

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Vulnerability Description

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

CVSS Score

9.6

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
ZoomWorkplace Desktop< 6.6.0
ZoomWorkplace Virtual Desktop Infrastructure>= 6.4.0, < 6.4.17

Related Weaknesses (CWE)

CWE-73CWE-610

References

FAQ

What is CVE-2026-30903?

CVE-2026-30903 is a vulnerability with a CVSS score of 9.6 (CRITICAL). External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

How severe is CVE-2026-30903?

CVE-2026-30903 has been rated CRITICAL with a CVSS base score of 9.6/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2026-30903?

Check the references section above for vendor advisories and patch information. Affected products include: Zoom Workplace Desktop, Zoom Workplace Virtual Desktop Infrastructure.