CVE Catalog

CVE-2026-30903

Critical
Published: Translated: NVD NIST

Summary

The Mail feature in Zoom Workplace for Windows before version 6.6.0 has an external control of file name or path, which may allow an unauthenticated user to escalate privileges via network access.

Risk Assessment

The organization may be exposed to unauthorized access to systems, potentially leading to serious security breaches and data loss.

Recommendation

It is recommended to update Zoom Workplace to version 6.6.0 or later to mitigate this vulnerability.

Original NVD description (English source)

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS