CVE-2026-30905

HIGH

Zoom Communications Zoom Workplace Vdi Plugin < 6.6.11 - External Control of File Name or Path

Title source: rule

Description

External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.

References (1)

Core 1

Core References

https://www.zoom.com/en/trust/security-bulletin/zsb-26007

Scores

CVSS v3 7.8

EPSS 0.0012

EPSS Percentile 2.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-610 CWE-73

Status published

Products (2)

zoom/workplace_virtual_desktop_infrastructure < 6.6.11

Zoom Communications/Zoom Workplace VDI Plugin < 6.6.11

Published May 13, 2026

Tracked Since May 14, 2026