Critical Vulnerabilities in Zoom Workplace for Windows: Immediate Action Required
On March 10, 2026, Zoom disclosed multiple security vulnerabilities affecting its Windows-based client suite, including Zoom Workplace for Windows. These flaws, ranging from high to critical severity, could allow attackers to escalate privileges on affected systems. Notably, one critical vulnerability is exploitable by unauthenticated remote attackers without prior system access.
Critical Vulnerability: CVE-2026-30903
The most severe of these vulnerabilities, identified as CVE-2026-30903 (ZSB-26005), is classified as critical. It targets the Mail feature within Zoom Workplace for Windows and arises from an external control of file name or path. This flaw enables an unauthenticated user to manipulate file references, potentially executing unauthorized operations and escalating privileges on affected systems. All Zoom Workplace for Windows installations running versions prior to 6.6.0 are susceptible to this vulnerability.
Additional High-Severity Vulnerabilities
In addition to CVE-2026-30903, Zoom has identified three high-severity vulnerabilities:
1. CVE-2026-30902 (ZSB-26004): This vulnerability affects Zoom Clients for Windows and involves improper privilege management. Incorrectly assigned user privileges could be exploited to gain unauthorized elevated access.
2. CVE-2026-30901 (ZSB-26003): Targeting Zoom Rooms for Windows, this flaw involves improper input validation. Malformed or unexpected inputs could trigger unintended behaviors, potentially including code execution or privilege changes.
3. CVE-2026-30900 (ZSB-26002): Affecting Zoom Workplace Clients for Windows, this vulnerability is described as an improper check flaw, suggesting a failure in verification logic that could be leveraged to bypass access controls.
Historical Context
Zoom has consistently addressed similar Windows-side privilege escalation issues in recent cycles. For instance, in August 2025, Zoom disclosed a critical vulnerability (CVE-2025-49457) with a CVSS score of 9.6, which also allowed unauthenticated network-based privilege escalation across multiple Windows clients.
Mitigation Steps
To protect against these vulnerabilities, Zoom has issued patches addressing all four issues. Organizations and individual users are strongly advised to take the following actions immediately:
– Update Zoom Installations: Ensure all Zoom Workplace for Windows installations are updated to version 6.6.0 or later.
– Update Zoom Rooms and Clients: Update Zoom Rooms for Windows and Zoom Clients for Windows to the latest available builds.
– Download from Official Sources: Obtain updates directly from the official Zoom download portal at zoom.us/download.
– Prioritize Patching: Focus on patching endpoints where Zoom Workplace is actively used, particularly in email-intensive or enterprise virtual desktop environments.
– Audit User Privileges: Review user privilege configurations within Zoom deployments to limit potential exploitation impact.
– Monitor Network Traffic: Keep an eye on network traffic for unusual Zoom-related file access patterns that may indicate exploitation attempts against CVE-2026-30903.
Zoom emphasizes the urgency of applying these updates without delay, noting that no additional mitigations are available outside of upgrading to the patched version.
Conclusion
The discovery of these vulnerabilities underscores the critical importance of maintaining up-to-date software to safeguard against potential security threats. Users and organizations relying on Zoom Workplace for Windows should act promptly to apply the necessary updates and review their security protocols to ensure comprehensive protection.
