Cyber Resilience

CVE-2026-30903

Critical

Published: 11 March 2026

Published
11 March 2026
Modified
14 May 2026
KEV Added
Patch
CVSS Score v3.1 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score 0.0033 24.4th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-30903 is a critical-severity External Control of File Name or Path (CWE-73) vulnerability in Zoom Workplace Virtual Desktop Infrastructure. Its CVSS base score is 9.6 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 24.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-30903 is an External Control of File Name or Path vulnerability (CWE-73) affecting the Mail feature in Zoom Workplace for Windows versions prior to 6.6.0. Published on March 11, 2026, it has a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for high-impact confidentiality, integrity, and availability effects with changed scope.

An unauthenticated attacker with network access can exploit this vulnerability by tricking a user into interacting with a maliciously crafted element, such as a file or link related to the Mail feature. Successful exploitation leads to escalation of privilege, granting the attacker high-level access to the victim's system resources.

Zoom's security bulletin ZSB-26005, available at https://www.zoom.com/en/trust/security-bulletin/zsb-26005, details the issue and recommends updating to Zoom Workplace for Windows version 6.6.0 or later to mitigate the vulnerability.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

CWE-73 path control in Zoom Mail client enables privilege escalation (T1068) after user opens malicious file (T1204.002).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30905Same product: Zoom Workplace Virtual Desktop Infrastructure
CVE-2026-30900Same product: Zoom Workplace Desktop
CVE-2026-30902Same product: Zoom Workplace Desktop
CVE-2025-0151Same product: Zoom Workplace Desktop
CVE-2025-27439Same product: Zoom Workplace Desktop
CVE-2025-27440Same product: Zoom Workplace Desktop
CVE-2025-49457Same product: Zoom Workplace Desktop
CVE-2024-45421Same product: Zoom Workplace Desktop
CVE-2025-0145Same product: Zoom Workplace Desktop
CVE-2025-0147Same product: Zoom Workplace Desktop

Affected Assets

zoom
workplace desktop
≤ 6.6.0
zoom
workplace virtual desktop infrastructure
6.4.0 — 6.4.17 · 6.5.0 — 6.5.15 · 6.6.0 — 6.6.10

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the specific vulnerability by requiring timely application of the vendor patch to Zoom Workplace version 6.6.0 or later.

prevent

Addresses the root cause of CWE-73 by validating file names and paths received in the Mail feature to prevent external control and manipulation.

prevent

Limits the impact of privilege escalation by ensuring the Mail feature and related processes operate with least privilege necessary.

References