CVE-2026-30906

7.8 HIGH

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escal...

Published: 2026-05-13 · Last updated: 2026-06-03

Severity and scoring

CVSS: 7.8 HIGH
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-426

Affected products

Vendor	Product
zoom	rooms

Description

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-30906
[Vendor advisory]https://www.zoom.com/en/trust/security-bulletin/zsb-26008

Related CVEs

Same vendor

CVE-2026-30905 — External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an aut... (7.8 HIGH)
CVE-2026-30904 — Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of in... (1.8 LOW)

Same CWE

CVE-2026-48565 — Untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally (7.8 HIGH)
CVE-2026-47648 — Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally (7.0 HIGH)
CVE-2026-24064 — Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability (7.8 HIGH)
CVE-2026-11401 — An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remot... (8.0 HIGH)
CVE-2026-11400 — An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a rem... (8.0 HIGH)