Cyber Resilience

CVE-2026-30902

Severity: High · Type: LPE (local privilege escalation) · Status: Updated

Published: 11 March 2026
Modified: 14 May 2026
KEV Added: not listed (not in the CISA KEV catalog)
Patch: see the Zoom security bulletin ZSB-26004 linked below
CVSS v3.1 score: 7.8 (vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0002 (4.8th percentile)
Risk priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30902 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Zoom Workplace Virtual Desktop Infrastructure. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE is ranked at the 4.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2026-30902 is an Improper Privilege Management vulnerability, mapped to CWE-269, affecting certain Zoom Clients for Windows. Published on 2026-03-11T15:16:30.103, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The flaw enables an authenticated user to escalate privileges through local access.

A local attacker with low privileges, such as a standard authenticated user on the Windows system, can exploit this vulnerability. Exploitation is low-complexity and requires no user interaction, and a successful attack has high impact on confidentiality, integrity, and availability, potentially giving the attacker full control over the affected system.

Zoom's security bulletin ZSB-26004 provides further details on the vulnerability, available at https://www.zoom.com/en/trust/security-bulletin/zsb-26004.


Vulnerability details

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CWE(s): CWE-269 Improper Privilege Management

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The vulnerability is a local privilege escalation flaw (CWE-269) in the Zoom Windows client that directly enables T1068 by allowing a low-privileged authenticated user to gain full system control through exploitation of improper privilege management.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-30900 (same product: Zoom Workplace Desktop)
- CVE-2025-0151 (same product: Zoom Rooms)
- CVE-2025-27440 (same product: Zoom Rooms)
- CVE-2025-27439 (same product: Zoom Rooms)
- CVE-2024-45421 (same product: Zoom Rooms)
- CVE-2026-30903 (same product: Zoom Workplace Desktop)
- CVE-2024-45418 (same product: Zoom Rooms)
- CVE-2025-49457 (same product: Zoom Rooms)
- CVE-2026-30905 (same product: Zoom Workplace Virtual Desktop Infrastructure)
- CVE-2025-0145 (same product: Zoom Rooms)

Affected Assets

- Zoom Rooms: ≤ 6.6.0
- Zoom Workplace Desktop: ≤ 6.6.0
- Zoom Workplace Virtual Desktop Infrastructure: 6.4.0 through 6.4.15 · 6.5.0 through 6.5.13 · 6.6.0 through 6.6.10
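As an added example (not code from this page or from Zoom), the following check flags inventory records whose installed build falls inside the affected ranges listed above, so a defender can triage which hosts still need the vendor patch. The inventory format, hostnames and versions are constructed for illustration; only the product names and version ranges come from the page.

```python
"""Exposure check for CVE-2026-30902: added example, not code from the page or from Zoom.
Affected ranges come from the page's Affected Assets list; inventory records are constructed."""
from typing import List, Optional, Tuple

# Per product: (lower bound inclusive or None, upper bound inclusive), as listed on the page.
# A lower bound of None means every version up to and including the upper bound.
AFFECTED_RANGES = {
    "zoom rooms": [(None, "6.6.0")],
    "zoom workplace desktop": [(None, "6.6.0")],
    "zoom workplace virtual desktop infrastructure": [
        ("6.4.0", "6.4.15"), ("6.5.0", "6.5.13"), ("6.6.0", "6.6.10")],
}

def parse_version(text: str, width: int = 4) -> Tuple[int, ...]:
    """Turn '6.6.10' into (6, 6, 10, 0) so tuples of equal length compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > width:
        raise ValueError(f"unsupported version format: {text!r}")
    return tuple(parts + [0] * (width - len(parts)))

def is_affected(product: str, version: str) -> Optional[bool]:
    """True if in an affected range, False if outside every range, None if product not covered."""
    ranges = AFFECTED_RANGES.get(product.strip().lower())
    if ranges is None:
        return None
    v = parse_version(version)
    return any((low is None or parse_version(low) <= v) and v <= parse_version(high)
               for low, high in ranges)

def exposed_hosts(inventory: List[dict]) -> List[str]:
    """Return hostnames whose installed Zoom build is in an affected range."""
    return [r["host"] for r in inventory
            if is_affected(r["product"], r["version"]) is True]

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    {"host": "vdi-01", "product": "Zoom Workplace Virtual Desktop Infrastructure", "version": "6.5.13"},
    {"host": "vdi-02", "product": "Zoom Workplace Virtual Desktop Infrastructure", "version": "6.5.14"},
    {"host": "ws-17", "product": "Zoom Workplace Desktop", "version": "6.6.0"},
    {"host": "ws-18", "product": "Zoom Workplace Desktop", "version": "6.6.1"},
    {"host": "room-a", "product": "Zoom Rooms", "version": "6.4.2"},
]

if __name__ == "__main__":
    print("Exposed hosts:", exposed_hosts(SAMPLE_INVENTORY))
```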

Mitigating Controls

NIST 800-53 r5 controls (AI)

AC-6 Least Privilege (prevent): Directly addresses improper privilege management by enforcing least privilege, preventing low-privileged authenticated users from escalating via the Zoom Client vulnerability.

AC-3 Access Enforcement (prevent): Enforces access control policies to comprehensively block unauthorized privilege escalations enabled by local access in the flawed Zoom Client.

SI-2 Flaw Remediation (prevent): Requires timely flaw remediation, such as patching the specific improper privilege management vulnerability in Zoom Clients for Windows.
