Skip to main content

Zoom Rooms EUVDEUVD-2026-30112

| CVE-2026-30906 HIGH
Untrusted Search Path (CWE-426)
2026-05-13 Zoom GHSA-mmmr-c45j-v926
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Jun 08, 2026 - 10:27 vuln.today
Patch available
May 13, 2026 - 20:02 EUVD
CVE Published
May 13, 2026 - 18:03 nvd
HIGH 7.8

DescriptionCVE.org

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

AnalysisAI

Local privilege escalation in Zoom Rooms for Windows versions prior to 7.0.0 allows an authenticated user to gain elevated privileges through an untrusted search path weakness in the installer. The flaw (CWE-426) carries a CVSS 7.8 (High) rating with complete confidentiality, integrity, and availability impact, though EPSS exploitation probability is very low (0.01%) and there is no public exploit identified at time of analysis. CISA SSVC indicates no observed exploitation but total technical impact, making this a credible insider-threat or post-compromise escalation vector rather than an internet-facing risk.

Technical ContextAI

The vulnerability sits in the Zoom Rooms for Windows installer (cpe:2.3:a:zoom_communications:zoom_rooms) and is classified under CWE-426 (Untrusted Search Path). This weakness occurs when a process - typically one running with elevated privileges such as an MSI/EXE installer - resolves binaries, DLLs, or helper executables using a search path that an unprivileged user can influence (for example, the current working directory, a writable PATH entry, or an unquoted service path). On Windows, installers running under SYSTEM or via elevated MSI contexts are particularly susceptible because attacker-controlled libraries placed in resolvable directories get loaded and executed in the elevated context, yielding local privilege escalation.

RemediationAI

Upgrade Zoom Rooms for Windows to version 7.0.0 or later - per the EUVD-confirmed fix boundary and Zoom security bulletin ZSB-26008 (https://www.zoom.com/en/trust/security-bulletin/zsb-26008), this is the vendor-released patch. Until upgrade is rolled out, run the installer only from a directory not writable by standard users (for example, a SYSTEM-only staging path or an admin-controlled deployment share via SCCM/Intune) rather than from user Downloads folders, since the untrusted search path is exercised when the installer process resolves auxiliary binaries; the trade-off is added deployment friction for ad-hoc installs. Additionally, restrict who can execute the installer through AppLocker or WDAC policies scoped to administrators, which prevents low-privileged users from invoking the vulnerable installer at all but blocks self-service upgrades. Reference the VulDB entry at https://vuldb.com/vuln/363023 for tracking.

Share

EUVD-2026-30112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy