Skip to main content

Zoom Workplace iOS CVE-2026-30904

| EUVDEUVD-2026-30110 LOW
Protection Mechanism Failure (CWE-693)
2026-05-13 Zoom GHSA-8g8v-86wr-f78p
1.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
1.8 LOW
AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 13:40 vuln.today
Patch available
May 13, 2026 - 20:02 EUVD

DescriptionCVE.org

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.

AnalysisAI

Information disclosure in Zoom Workplace for iOS before version 7.0.0 allows an authenticated user with physical access to the device to read limited confidential data by exploiting a failed protection mechanism. The vulnerability is constrained by both physical proximity and high privilege requirements, yielding a CVSS score of 1.8 - among the lowest possible. No active exploitation has been identified, and Zoom has released a fix in version 7.0.0 per their security bulletin ZSB-26006.

Technical ContextAI

The root cause is classified as CWE-693 (Protection Mechanism Failure), meaning a security control intended to guard access to sensitive information is either bypassed or non-functional under specific conditions. The affected product is the Zoom Workplace application on Apple iOS, identified by CPE cpe:2.3:a:zoom_communications:zoom_workplace:*:*:*:*:*:*:*:*. On iOS, protection mechanisms that can fail include screen-sharing restrictions, data-at-rest protections, background snapshot caching (iOS multitasking thumbnails), notification content exposure on the lock screen, clipboard access, or improper handling of iOS accessibility or screen recording APIs. The 'Apple' and 'Information Disclosure' tags corroborate that the issue is iOS-platform-specific and limited to confidentiality impact.

RemediationAI

Upgrade Zoom Workplace for iOS to version 7.0.0 or later, as confirmed by Zoom's security bulletin ZSB-26006 (https://www.zoom.com/en/trust/security-bulletin/zsb-26006). Updates can be applied via the Apple App Store. For environments where an immediate upgrade is not possible, restrict physical access to devices running the Zoom Workplace app - this directly addresses the AV:P prerequisite and eliminates the attack surface entirely. Additionally, enabling iOS device management controls such as MDM-enforced screen lock, disabling app background snapshots through MDM profiles, and restricting lock screen notification content for the Zoom app can serve as interim compensating controls. These measures have the trade-off of reducing usability but directly target the physical access vector.

Share

CVE-2026-30904 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy