CVE-2026-30903
Published: 11 March 2026
Summary
CVE-2026-30903 is a critical-severity External Control of File Name or Path (CWE-73) vulnerability in Zoom Workplace Virtual Desktop Infrastructure. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the specific vulnerability by requiring timely application of the vendor patch to Zoom Workplace version 6.6.0 or later.
Addresses the root cause of CWE-73 by validating file names and paths received in the Mail feature to prevent external control and manipulation.
Limits the impact of privilege escalation by ensuring the Mail feature and related processes operate with least privilege necessary.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-73 path control in Zoom Mail client enables privilege escalation (T1068) after user opens malicious file (T1204.002).
NVD Description
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
Deeper analysisAI
CVE-2026-30903 is an External Control of File Name or Path vulnerability (CWE-73) affecting the Mail feature in Zoom Workplace for Windows versions prior to 6.6.0. Published on March 11, 2026, it has a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact confidentiality, integrity, and availability effects with changed scope.
An unauthenticated attacker with network access can exploit this vulnerability by tricking a user into interacting with a maliciously crafted element, such as a file or link related to the Mail feature. Successful exploitation leads to escalation of privilege, granting the attacker high-level access to the victim's system resources.
Zoom's security bulletin ZSB-26005, available at https://www.zoom.com/en/trust/security-bulletin/zsb-26005, details the issue and recommends updating to Zoom Workplace for Windows version 6.6.0 or later to mitigate the vulnerability.
Details
- CWE(s)