Cyber Posture

CVE-2026-30902

Severity: High · Class: LPE (local privilege escalation)

Published: 11 March 2026
Modified: 12 March 2026
KEV Added: not listed (not in the CISA KEV catalog as of the modified date)
Patch: see Zoom Security Bulletin ZSB-26004
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (3.4th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30902 is a high-severity Improper Privilege Management (CWE-269) vulnerability in certain Zoom Clients for Windows (product inferred from the references and the NVD description; NVD filed no CPE). Its CVSS v3.1 base score is 7.8 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). Its EPSS score of 0.0001 places it at the 3.4th percentile of exploit likelihood (well below the median), and it is not currently listed in the CISA KEV catalog.

The controls our analysis mapped are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege). Both reduce who can reach the vulnerable client, but the decisive mitigation for a local privilege escalation is flaw remediation: applying the fix published in Zoom Security Bulletin ZSB-26004.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI-generated]

AC-6 Least Privilege (prevent)
Limits who can reach the vulnerable code path: an LPE needs a local, authenticated foothold, so restricting interactive and remote logon on hosts that run the Zoom client (shared workstations, VDI, jump hosts) shrinks the set of users who could exploit it. It does not neutralise the flaw itself; once a low-privileged user can run the client, least-privilege policy is exactly what the vulnerability defeats.

AC-3 Access Enforcement (prevent)
Enforces the access control policy at the operating-system level (file, registry and service permissions) so that privileges gained through the client cannot be extended further. This limits, but does not block, an escalation that originates inside the flawed component.

SI-2 Flaw Remediation (prevent)
The control that actually removes the vulnerability: update affected Zoom Clients for Windows to the fixed version published in Zoom Security Bulletin ZSB-26004, and verify the installed version on every endpoint rather than relying on the client's self-update.

MITRE ATT&CK Enterprise Techniques [AI-generated]

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is a local privilege escalation flaw (CWE-269) in the Zoom Windows client and maps directly to T1068: a low-privileged authenticated user exploits improper privilege management in the client to obtain higher privileges, with high impact on confidentiality, integrity and availability (C:H/I:H/A:H).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Deeper analysis [AI-generated]

CVE-2026-30902 is an Improper Privilege Management vulnerability, mapped to CWE-269, affecting certain Zoom Clients for Windows. Published on 2026-03-11T15:16:30.103, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw enables an authenticated user to escalate privileges through local access.

A local attacker with low privileges, such as a standard authenticated user on the Windows system, can exploit this vulnerability. Exploitation requires low complexity and no user interaction, allowing the attacker to achieve high impacts on confidentiality, integrity, and availability, potentially leading to full control over the affected system.

Zoom's security bulletin ZSB-26004 provides further details on the vulnerability, available at https://www.zoom.com/en/trust/security-bulletin/zsb-26004.

Details

CWE(s)

CWE-269 Improper Privilege Management

Affected Products

Zoom Clients for Windows (inferred from the references and the NVD description; NVD did not file a CPE for this CVE)

CVEs Like This One

CVE-2026-2777 (shared CWE-269)
CVE-2025-48613 (shared CWE-269)
CVE-2026-35595 (shared CWE-269)
CVE-2025-64487 (shared CWE-269)
CVE-2025-67905 (shared CWE-269)
CVE-2024-13376 (shared CWE-269)
CVE-2025-26705 (shared CWE-269)
CVE-2025-37186 (shared CWE-269)
CVE-2026-24510 (shared CWE-269)
CVE-2026-23896 (shared CWE-269)

References

Zoom Security Bulletin ZSB-26004: https://www.zoom.com/en/trust/security-bulletin/zsb-26004