Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local privilege escalation by an already-authenticated low-privileged user (AV:L, PR:L, AC:L) yielding full host compromise (C:H/I:H/A:H) with no user interaction and no scope change.
Primary rating from Vendor (zoom).
CVSS VectorVendor: zoom
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.
AnalysisAI
Local privilege escalation in Zoom Rooms for Windows before version 7.1.0 allows an authenticated low-privileged user to elevate to higher privileges via local access, with high impact to confidentiality, integrity, and availability (CVSS 7.8). Zoom's own security team (security@zoom.us) reported the flaw, classified as improper privilege management. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires local, authenticated access to a Windows host running Zoom Rooms prior to version 7.1.0 (AV:L, PR:L) - the attacker must already possess a valid low-privileged local account or session. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are moderately concerning but not urgent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with an ordinary authenticated local account on a Windows machine running a vulnerable Zoom Rooms client (for example, a shared conference-room PC or a lightly restricted kiosk) interacts with a locally exposed, over-privileged Zoom Rooms component to abuse improper privilege management. With low attack complexity and no user interaction required, they escalate to higher privileges and gain full control (C:H/I:H/A:H) of the host. … |
| Remediation | Vendor-released patch: upgrade Zoom Rooms for Windows to version 7.1.0 or later, which resolves the improper privilege management issue per Zoom security bulletin ZSB-26011 (https://www.zoom.com/en/trust/security-bulletin/zsb-26011). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Zoom Rooms for Windows systems and identify those running versions before 7.1.0; restrict physical access and local administrative account access to essential authorized personnel only. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45044
GHSA-97jw-3fv7-jf6h