HIGHCVE-2026-30905Published Modified CNA Zoom
CVE-2026-30905: External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.
Metrics
- CVSS v3.1
- 7.8
- Severity
- HIGH
- Fixed in
- 6.6.11
- Affected Products
- 1
Fix available
6.6.11
Affected packages
- Zoom Communications / Zoom Workplace VDI Plugin< 6.6.11 (from 0)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HReferences