Critical Zoom Rooms, Workspaces Flaws Let Attackers Escalate Privileges
Key Takeaways
- Three new vulnerabilities have been identified in Zoom’s software, potentially allowing local attackers to achieve system-level access.
- The most critical flaws, CVE-2026-30906 and CVE-2026-30905, affect Zoom Rooms for Windows and the Zoom Workplace VDI Plugin, enabling privilege escalation.
- A lower-severity issue, CVE-2026-30904, impacts Zoom Workplace for iOS, risking sensitive information disclosure with physical device access.
- Zoom has released patches for all identified vulnerabilities.
- Immediate patching is crucial for all affected users and organizations to prevent exploitation.
Recently disclosed security vulnerabilities in the Zoom ecosystem present a significant risk, potentially enabling local attackers to gain full control over affected systems. As virtual communication platforms remain central to organizational operations, these findings underscore the continued scrutiny that widely used collaboration tools receive from both researchers and threat actors.
Zoom has addressed these concerns by issuing patches for three distinct security flaws impacting Zoom Rooms for Windows, the Zoom Workplace VDI Plugin, and Zoom Workplace for iOS. The most severe of these vulnerabilities, if left unpatched, could allow authenticated local users to quietly elevate their privileges and seize unauthorized control of affected devices.
High-Severity Windows Vulnerabilities
The most pressing threats stem from two high-severity vulnerabilities affecting Windows users. Both were discovered and reported to Zoom by security researcher sim0nsecurity.
Untrusted Search Path in Zoom Rooms
The first critical flaw, identified as CVE-2026-30906, resides in the Zoom Rooms installer for Windows. This vulnerability is attributed to an untrusted search path weakness, a common issue in which software loads a dependency (such as a DLL or helper file) from a directory it does not control or validate. An authenticated user with local access can exploit this oversight by placing malicious code in one of those unverified paths; because the installer then loads and runs that code with its own, higher privileges, the user escalates their privileges and gains deeper administrative control over the system.
External Control of File Name or Path in VDI Plugin
The second significant vulnerability, CVE-2026-30905, is present in the Zoom Workplace VDI Plugin Windows Universal Installer. This bug involves external control of a file name or path: the installer accepts a path it does not sufficiently canonicalize or confine. By manipulating how the installer processes file paths during setup, a local attacker can cause the system to execute unauthorized commands, creating another avenue for privilege escalation.
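Both Windows flaws belong to the same family of path-trust weaknesses: an untrusted search path (the Zoom Rooms case) and external control of a file name or path (the VDI plugin case). The following is an added example, not Zoom's code and not derived from the patches, showing the two checks a privileged installer should make: look helper files up only in an explicit list of trusted directories, and confine any externally supplied path to an allowed root after canonicalization. Directory and file names are constructed for illustration; the demonstration builds them in a temporary directory so it runs offline on any platform.

```python
"""Added example (not Zoom's code): defensive path-trust checks for a privileged installer.

Two mitigations are shown:
  * resolve_helper_file  - untrusted search path (CWE-426): load dependencies only from
                           an explicit, absolute list of trusted directories.
  * confine_user_path    - external control of file name or path (CWE-73): canonicalize an
                           externally supplied path and refuse anything outside an allowed root.
All directory and file names below are constructed for illustration.
"""
from pathlib import Path
import tempfile


def _is_within(path: Path, base: Path) -> bool:
    """True when `path` lies inside `base`; both must already be resolved (canonical)."""
    try:
        path.relative_to(base)
        return True
    except ValueError:
        return False


def resolve_helper_file(name: str, trusted_dirs: list) -> Path:
    """Look a helper file up only in `trusted_dirs`, never in the working directory, PATH,
    or the directory the installer was launched from. `name` must be a bare file name."""
    # Reject any directory component so a caller cannot redirect the lookup elsewhere.
    if not name or name in (".", "..") or "/" in name or "\\" in name:
        raise ValueError(f"helper name must be a bare file name: {name!r}")
    for base in trusted_dirs:
        base = Path(base).resolve()
        # resolve() follows symlinks/junctions, so a link planted inside a trusted
        # directory that points outside it fails the containment check below.
        candidate = (base / name).resolve()
        if _is_within(candidate, base) and candidate.is_file():
            return candidate
    raise FileNotFoundError(f"{name!r} not present in any trusted directory")


def confine_user_path(user_supplied: str, allowed_root) -> Path:
    """Canonicalize an externally supplied path and require it to stay under `allowed_root`.
    Absolute inputs replace the root when joined, so they are caught by the same check."""
    root = Path(allowed_root).resolve()
    target = (root / user_supplied).resolve()
    if not _is_within(target, root):
        raise PermissionError(f"{user_supplied!r} escapes {root}")
    return target


def demo() -> dict:
    """Exercise both checks against a constructed layout; returns the outcomes as booleans."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        trusted = Path(tmp) / "trusted"          # e.g. the product's install directory
        writable = Path(tmp) / "user-writable"   # e.g. a directory any local user can write
        trusted.mkdir()
        writable.mkdir()
        (trusted / "helper.dll").write_bytes(b"constructed helper")
        (writable / "other.dll").write_bytes(b"constructed file outside the trusted set")

        found = resolve_helper_file("helper.dll", [trusted])
        results["found_in_trusted"] = found == (trusted / "helper.dll").resolve()

        try:  # a file that exists only in an untrusted directory is never picked up
            resolve_helper_file("other.dll", [trusted])
            results["ignores_untrusted"] = False
        except FileNotFoundError:
            results["ignores_untrusted"] = True

        try:  # a name carrying a directory component is refused outright
            resolve_helper_file("../helper.dll", [trusted])
            results["rejects_traversal"] = False
        except ValueError:
            results["rejects_traversal"] = True

        confined = confine_user_path("logs/setup.log", trusted)
        results["confines_relative"] = confined == (trusted / "logs" / "setup.log").resolve()

        for bad in ("../../outside.txt", str(Path(tmp) / "elsewhere.txt")):
            try:
                confine_user_path(bad, trusted)
                results["rejects_" + ("absolute" if Path(bad).is_absolute() else "escape")] = False
            except PermissionError:
                results["rejects_" + ("absolute" if Path(bad).is_absolute() else "escape")] = True
    return results


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {'ok' if passed else 'FAILED'}")
```

The key design choice is that containment is decided only after `resolve()` has produced a canonical path, so symlinks, junctions and `..` segments are all normalized before the comparison; checking the raw string would let a link inside a trusted directory point anywhere.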
Lower-Severity iOS Vulnerability
While Windows users face immediate privilege escalation risks, iOS users are exposed to a different, albeit less severe, threat. Tracked as CVE-2026-30904, this low-severity vulnerability impacts Zoom Workplace for iOS. Reported by security researcher errorsec_, the flaw involves a failure in a protection mechanism. Unlike the Windows bugs, exploiting this issue requires physical access to the iOS device. If successful, an attacker could bypass existing protections and cause the application to disclose sensitive information. Because exploitation requires physical access and high privileges, its CVSS severity score is a low 1.8.
What You Should Do
- Immediately update Zoom Rooms for Windows to the latest patched version.
- Update the Zoom Workplace VDI Plugin for Windows to its latest secure version.
- Update Zoom Workplace for iOS to the most recent release.
- Establish and enforce robust patch management policies across your organization to ensure all endpoints are kept up to date.
- Download and apply all updates directly from the official Zoom download portal to avoid unofficial or malicious sources.
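To confirm that the updates above actually landed on Windows endpoints, an administrator needs an inventory of installed Zoom products and their versions. The script below is an added example (not Zoom's tooling) that reads the standard Windows uninstall registry entries for products whose display name contains "Zoom" and flags any version below a minimum. The minimum versions in `MINIMUM_VERSIONS` are placeholders, since this article does not state the fixed version numbers; take the real values from Zoom's security bulletin. The registry read is skipped on non-Windows hosts, and the comparison logic is demonstrated on constructed entries so it runs anywhere.

```python
"""Added example (not Zoom's tooling): flag installed Zoom products below a minimum version.

The registry paths are the standard Windows uninstall keys. MINIMUM_VERSIONS holds
PLACEHOLDER values; replace them with the fixed versions from Zoom's security bulletin.
"""
import re

try:
    import winreg  # only available on Windows
except ImportError:  # pragma: no cover - non-Windows host
    winreg = None

UNINSTALL_SUBKEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)

# PLACEHOLDER minimums keyed by a substring of the product's DisplayName.
MINIMUM_VERSIONS = {
    "Zoom Rooms": "0.0.0",       # placeholder: fixed Zoom Rooms for Windows version
    "VDI": "0.0.0",              # placeholder: fixed Zoom Workplace VDI Plugin version
}


def parse_version(text: str) -> tuple:
    """Turn '5.17.10 (1234)' style strings into a comparable tuple of integers."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def find_outdated(installed, minimums=MINIMUM_VERSIONS) -> list:
    """Return (display_name, installed_version, required_minimum) for every entry whose
    name matches a key in `minimums` and whose version sorts below that minimum."""
    outdated = []
    for name, version in installed:
        for needle, minimum in minimums.items():
            if needle.lower() in name.lower() and parse_version(version) < parse_version(minimum):
                outdated.append((name, version, minimum))
    return outdated


def read_windows_uninstall_entries(name_filter: str = "Zoom") -> list:
    """Collect (DisplayName, DisplayVersion) from per-machine and per-user uninstall keys.
    Returns an empty list when not running on Windows."""
    if winreg is None:
        return []
    entries = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        for subkey in UNINSTALL_SUBKEYS:
            try:
                with winreg.OpenKey(hive, subkey) as key:
                    count = winreg.QueryInfoKey(key)[0]  # number of subkeys
                    for index in range(count):
                        try:
                            with winreg.OpenKey(key, winreg.EnumKey(key, index)) as item:
                                name = str(winreg.QueryValueEx(item, "DisplayName")[0])
                                version = str(winreg.QueryValueEx(item, "DisplayVersion")[0])
                        except OSError:
                            continue  # entry lacks a name or version; not a product we care about
                        if name_filter.lower() in name.lower():
                            entries.append((name, version))
            except OSError:
                continue  # hive/key absent (e.g. no WOW6432Node on 32-bit Windows)
    return entries


# Constructed sample inventory used when the script is not running on Windows.
SAMPLE_INVENTORY = [
    ("Zoom Rooms", "1.2.3"),
    ("Zoom VDI Plugin", "9.9.9"),
    ("Unrelated Application", "0.1"),
]


if __name__ == "__main__":
    inventory = read_windows_uninstall_entries() or SAMPLE_INVENTORY
    for name, version, minimum in find_outdated(inventory):
        print(f"UPDATE NEEDED: {name} {version} (minimum {minimum})")
```

Run it under an account that can read HKLM; per-user Zoom installs live under HKCU, which is why both hives are walked. The comparison is deliberately kept in a pure function so the same logic can be reused against an inventory exported from an endpoint management tool.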
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.