Zoom has released a series of security advisories detailing four significant vulnerabilities affecting its Windows clients, including a “Critical” rated flaw that allows for unauthenticated privilege escalation. These vulnerabilities could allow attackers to execute unauthorized commands, leak sensitive data, or seize control of a user’s system through both network and local access.
Given Zoom’s ubiquity in both corporate and personal communication, security teams are urged to apply the latest updates immediately to mitigate these high-stakes risks.
The most severe issue, tracked as CVE-2026-30903, carries a CVSS score of 9.6. This vulnerability involves “External Control of File Name or Path” within the Mail feature of Zoom Workplace for Windows.
Unlike many other flaws that require an attacker to already have a foothold on a machine, this critical bug “may allow an unauthenticated user to conduct an escalation of privilege via network access”. This means a remote attacker could potentially exploit a user’s Zoom client over the internet to gain elevated system permissions without ever needing a password.
In addition to the remote threat, Zoom addressed three “High” severity vulnerabilities that allow authenticated users to move from standard permissions to full administrative control via local access:
- Improper Privilege Management (CVE-2026-30902, CVSS 7.8): This flaw affects several Zoom clients for Windows and can allow a local user to escalate their privileges.
- Version Check Bypass (CVE-2026-30900, CVSS 7.8): An “Improper Check of minimum version” in the update functionality of certain Windows clients could be exploited by an authenticated user to gain higher system rights.
- Kiosk Mode Input Validation (CVE-2026-30901, CVSS 7.0): Specifically affecting Zoom Rooms for Windows in Kiosk Mode, this “Improper Input Validation” bug allows a local user to bypass restrictions and conduct an escalation of privilege.
The vulnerabilities impact a wide range of Zoom’s Windows-based ecosystem. Organizations should audit their environments for the following versions:
| CVE | Affected Products | Fixed Version |
| --- | --- | --- |
| CVE-2026-30903 | Zoom Workplace for Windows; VDI Clients | 6.6.0 and later |
| CVE-2026-30900 | Zoom Workplace; VDI Client; Meeting SDK | 6.6.11 (6.6.x branch) |
| CVE-2026-30902 | Zoom Workplace; VDI Client; Zoom Rooms | 6.6.0 (Workplace); Varies (VDI) |
| CVE-2026-30901 | Zoom Rooms for Windows | 6.6.5 and later |
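The audit the advisory asks for boils down to comparing each endpoint's installed client version against the fixed versions in the table. The script below is an added example, not Zoom's tooling or anything from the advisories: it encodes only the fixed versions the table states, compares versions numerically (a plain string comparison would rank 6.6.11 below 6.6.5), and reports "consult advisory" wherever the table leaves the fix open ("Varies (VDI)", branches other than 6.6.x, no fixed version given for Zoom Rooms under CVE-2026-30902) rather than guessing. The inventory rows, hostnames and the `workplace`/`vdi`/`rooms`/`meetingsdk` product labels are constructed for the example.

```python
"""Audit a constructed Zoom-for-Windows inventory against the fixed versions
in the advisory summary. Added example; not Zoom's code, not the advisory's."""
from __future__ import annotations

from dataclasses import dataclass


def parse_version(text: str) -> tuple[int, ...]:
    """'6.6.11' -> (6, 6, 11) so ordering is numeric per component.
    A lexical compare would wrongly put '6.6.11' before '6.6.5'."""
    return tuple(int(part) for part in text.strip().split("."))


@dataclass(frozen=True)
class Rule:
    cve: str
    product: str               # constructed product label used in inventory rows
    fixed: str | None          # None when the table gives no single fixed version
    branch: str | None = None  # fix only stated for this minor branch (e.g. "6.6")


# Fixed versions exactly as the table above states them. Anything the table
# leaves open is encoded as None (or branch-restricted) and reported as
# "consult advisory" instead of being assumed.
RULES = [
    Rule("CVE-2026-30903", "workplace", "6.6.0"),
    Rule("CVE-2026-30903", "vdi", "6.6.0"),
    Rule("CVE-2026-30900", "workplace", "6.6.11", branch="6.6"),
    Rule("CVE-2026-30900", "vdi", "6.6.11", branch="6.6"),
    Rule("CVE-2026-30900", "meetingsdk", "6.6.11", branch="6.6"),
    Rule("CVE-2026-30902", "workplace", "6.6.0"),
    Rule("CVE-2026-30902", "vdi", None),    # "Varies (VDI)" in the table
    Rule("CVE-2026-30902", "rooms", None),  # no fixed version stated for Rooms
    Rule("CVE-2026-30901", "rooms", "6.6.5"),
]


def evaluate(rule: Rule, version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'consult advisory' for one rule."""
    v = parse_version(version)
    if rule.branch is not None and ".".join(map(str, v[:2])) != rule.branch:
        return "consult advisory"  # table only states the fix for this branch
    if rule.fixed is None:
        return "consult advisory"
    return "fixed" if v >= parse_version(rule.fixed) else "vulnerable"


def audit(inventory: str) -> dict[str, list[str]]:
    """inventory: CSV lines 'host,product,version'.
    Returns host -> findings; hosts with every rule 'fixed' are omitted."""
    findings: dict[str, list[str]] = {}
    for line in inventory.strip().splitlines():
        host, product, version = (field.strip() for field in line.split(","))
        for rule in RULES:
            if rule.product != product.lower():
                continue
            status = evaluate(rule, version)
            if status != "fixed":
                findings.setdefault(host, []).append(f"{rule.cve}: {status}")
    return findings


# Constructed sample inventory (hostnames and versions invented for the example).
SAMPLE_INVENTORY = """
ws-101,workplace,6.5.9
ws-102,workplace,6.6.5
ws-103,workplace,6.6.11
room-01,rooms,6.6.2
vdi-01,vdi,6.6.11
"""

if __name__ == "__main__":
    for host, items in audit(SAMPLE_INVENTORY).items():
        print(host)
        for item in items:
            print("  ", item)
```

On real endpoints the `version` column would come from whatever inventory source you already have (a software-inventory export, for instance); the comparison logic and the "consult advisory" handling are the parts worth keeping.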
Zoom continues to be a high-value target for researchers and threat actors alike. The ability for a remote, unauthenticated attacker to escalate privileges via the Mail feature represents a significant breach of the typical security boundary.
“Users can help keep themselves secure by applying the latest updates available,” the company stated in its advisory. To protect your infrastructure, ensure that all Windows endpoints are running the most recent versions of the Zoom Workplace and Zoom Rooms clients.