Cyber Posture

CVE-2026-30900

High

Published: 11 March 2026

Published
11 March 2026
Modified
12 March 2026
KEV Added
Patch
CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0002 4.1th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30900 is a high-severity Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability in Zoom Clients (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 4.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly requires timely patching of the improper minimum version check flaw in Zoom Client update functionality as detailed in the vendor security bulletin.

SI-7 Software, Firmware, and Information Integrity partial match
prevent

Verifies software integrity during updates to detect and prevent exploitation of improper version checks that could lead to privilege escalation.

AC-6 Least Privilege partial match
prevent

Enforces least privilege on processes including update mechanisms, limiting the scope and success of local privilege escalation by low-privileged authenticated users.

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
attack.mitre.org →
Why these techniques?

Local privilege escalation via improper minimum version check in Zoom update functionality directly matches exploitation of a software vulnerability for privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Deeper analysisAI

CVE-2026-30900 involves an improper check of minimum version in the update functionality of certain Zoom Clients for Windows. This flaw, linked to CWE-754, enables an authenticated user to conduct an escalation of privilege via local access. It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-11T15:16:29.787.

A local attacker with low privileges, such as an authenticated user on the Windows system, can exploit this vulnerability due to its low attack complexity and lack of need for user interaction. Successful exploitation allows high-impact gains in confidentiality, integrity, and availability, typically manifesting as privilege escalation.

Zoom's security bulletin at https://www.zoom.com/en/trust/security-bulletin/zsb-26002 provides details on advisories and patches for mitigation.

Details

CWE(s)
CWE-754

Affected Products

Zoom
Clients
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-2801Shared CWE-754
CVE-2026-4707Shared CWE-754
CVE-2026-4686Shared CWE-754
CVE-2025-24975Shared CWE-754
CVE-2026-24054Shared CWE-754
CVE-2025-59960Shared CWE-754
CVE-2026-4699Shared CWE-754
CVE-2026-8091Shared CWE-754
CVE-2026-31790Shared CWE-754
CVE-2026-6772Shared CWE-754

References