wid-sec-w-2026-0653 · Published 2026-03-09 · View on BSI CERT-Bund ↗

Zoom Rooms and Workplace: Multiple Vulnerabilities allow Privilegieneskalation

CVSS 9.6 CRITICAL

Risk Summary

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

CVEs (4)

CVE-2026-30900 CVE-2026-30901 CVE-2026-30902 CVE-2026-30903

Affected Vendors

Zoom Video Communications

Affected Products (8)

Zoom Video Communications · Rooms <6.6.5

Zoom Video Communications · Rooms 6.6.5

Zoom Video Communications · Rooms <6.6.0

Zoom Video Communications · Rooms 6.6.0

Zoom Video Communications · Workplace <6.6.11

Zoom Video Communications · Workplace 6.6.11

Zoom Video Communications · Workplace <6.6.0

Zoom Video Communications · Workplace 6.6.0

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more