Popular video conferencing service Zoom has resolved 4 security vulnerabilities (CVE-2026-30900, CVE-2026-30901, CVE-2026-30902, CVE-2026-30903) in Zoom products. A malicious actor could exploit some of these vulnerabilities to trigger elevation of privilege on the targeted system. Issues affect the products below:
- Zoom Workplace for Windows before version 6.6.11 in the 6.6.x branch;
- Zoom Workplace VDI Client for Windows version 6.6.10 specifically (VDI branches below 6.6.x are not affected);
- Zoom Meeting SDK for Windows before version 6.6.11 in the 6.6.x branch
- Zoom Rooms for Windows before version 6.6.5;
- Zoom Workplace for Windows before version 6.6.0;
- Zoom Workplace VDI Client for Windows before versions 6.4.15 and 6.5.13 and 6.6.10 in their respective branch;
- Zoom Rooms for Windows before version 6.6.0;
- Zoom Workplace for Windows before version 6.6.0;
- Zoom Workplace VDI Client for Windows before versions 6.4.17 and 6.5.15 and 6.6.10 in their respective branch.
More information on vulnerabilities and updates is available in Zoom security bulletins – zoom.us.