Cyber Resilience

CVE-2026-30906

High · LPE · Updated

Published: 13 May 2026

Modified: 03 June 2026
KEV Added:
Patch:
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-30906 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Zoom Rooms. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The CVE ranks at the 2.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Vulnerability details

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

CWE(s)

CWE-426 Untrusted Search Path

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.008 Path Interception by Search Order Hijacking · Stealth
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.
Why these techniques?

The CWE-426 untrusted search path in the local installer directly enables path interception by search order hijacking for local privilege escalation.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-0145 (same product: Zoom Rooms)
CVE-2025-49457 (same product: Zoom Rooms)
CVE-2026-30902 (same product: Zoom Rooms)
CVE-2026-25880 (shared CWE-426)
CVE-2025-27167 (shared CWE-426)
CVE-2026-25926 (shared CWE-426)
CVE-2026-32009 (shared CWE-426)
CVE-2024-45418 (same product: Zoom Rooms)
CVE-2025-1068 (shared CWE-426)
CVE-2026-21280 (shared CWE-426)

Affected Assets

zoom · rooms · ≤ 7.0.0

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
