Severity by source
AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.
AnalysisAI
Information disclosure in Zoom Workplace for iOS before version 7.0.0 allows an authenticated user with physical access to the device to read limited confidential data by exploiting a failed protection mechanism. The vulnerability is constrained by both physical proximity and high privilege requirements, yielding a CVSS score of 1.8 - among the lowest possible. No active exploitation has been identified, and Zoom has released a fix in version 7.0.0 per their security bulletin ZSB-26006.
Technical ContextAI
The root cause is classified as CWE-693 (Protection Mechanism Failure), meaning a security control intended to guard access to sensitive information is either bypassed or non-functional under specific conditions. The affected product is the Zoom Workplace application on Apple iOS, identified by CPE cpe:2.3:a:zoom_communications:zoom_workplace:*:*:*:*:*:*:*:*. On iOS, protection mechanisms that can fail include screen-sharing restrictions, data-at-rest protections, background snapshot caching (iOS multitasking thumbnails), notification content exposure on the lock screen, clipboard access, or improper handling of iOS accessibility or screen recording APIs. The 'Apple' and 'Information Disclosure' tags corroborate that the issue is iOS-platform-specific and limited to confidentiality impact.
RemediationAI
Upgrade Zoom Workplace for iOS to version 7.0.0 or later, as confirmed by Zoom's security bulletin ZSB-26006 (https://www.zoom.com/en/trust/security-bulletin/zsb-26006). Updates can be applied via the Apple App Store. For environments where an immediate upgrade is not possible, restrict physical access to devices running the Zoom Workplace app - this directly addresses the AV:P prerequisite and eliminates the attack surface entirely. Additionally, enabling iOS device management controls such as MDM-enforced screen lock, disabling app background snapshots through MDM profiles, and restricting lock screen notification content for the Zoom app can serve as interim compensating controls. These measures have the trade-off of reducing usability but directly target the physical access vector.
More in Zoom Workplace
View allPrivilege escalation in the Zoom Workplace mobile app (Android before 7.0.4, iOS before 7.0.3) stems from improper autho
Privilege escalation in Zoom Workplace mobile clients (Android before 7.0.4, iOS before 7.0.3) stems from improper autho
Same weakness CWE-693 – Protection Mechanism Failure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30110
GHSA-8g8v-86wr-f78p