Zoom has released patches for three vulnerabilities affecting Zoom Rooms for Windows, the Zoom Workplace VDI Plugin for Windows, and Zoom Workplace for iOS. CVE-2026-30906 is an untrusted search path weakness in the Zoom Rooms Windows installer that allows an authenticated local user to escalate privileges, and CVE-2026-30905 is an external control of file name or path flaw in the Zoom Workplace VDI Plugin Windows Universal Installer that enables similar local privilege escalation; both are rated high severity and were reported by researcher sim0nsecurity. CVE-2026-30904 is a low-severity protection-mechanism failure in Zoom Workplace for iOS (CVSS 1.8) that requires physical access and high privileges to disclose sensitive information, reported by errorsec_. No active exploitation has been reported. Zoom has issued fixes via its official download portal, and administrators are advised to apply the latest updates promptly.
// Alert
Zoom threat report
// ZoomMEDIUM
// Get alerts for Zoom