Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Local privilege escalation requiring an existing low-privileged authenticated session on the Windows host (AV:L, PR:L), no user interaction, and yielding full CIA impact via SYSTEM-level code execution.
Primary rating from Vendor (Zoom).
CVSS VectorVendor: Zoom
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
AnalysisAI
Local privilege escalation in Remote Control for Zoom Contact Center for Windows prior to version 7.0.0 allows an authenticated user with local access to elevate privileges due to insufficient verification of data authenticity. The flaw, reported by Zoom and tracked in bulletin ZSB-26009, carries a CVSS 3.1 base score of 7.8 (High) with no public exploit identified at time of analysis. Exploitation requires existing local authenticated access, which limits opportunistic abuse but makes this a strong post-compromise pivot on workstations running the Zoom Contact Center remote control component.
Technical ContextAI
The vulnerability resides in the Windows build of the Remote Control feature shipped with Zoom Contact Center, an agent-side desktop component used to facilitate remote assistance and screen-control sessions within Zoom's contact center workflows. The root cause is CWE-345 (Insufficient Verification of Data Authenticity), meaning the application accepts data - likely commands, configuration input, IPC messages, or update artifacts - without sufficiently validating their origin or integrity. On Windows endpoints where this component runs with elevated rights or as a privileged service, an unprivileged local process can supply crafted data that the trusted component acts upon, resulting in privilege escalation. The affected CPE is cpe:2.3:a:zoom_communications:remote_control_for_zoom_contact_center, scoped to versions before 7.0.0.
RemediationAI
Vendor-released patch: upgrade Remote Control for Zoom Contact Center for Windows to version 7.0.0 or later, per Zoom security bulletin ZSB-26009 (https://www.zoom.com/en/trust/security-bulletin/zsb-26009). Where immediate patching is not possible, compensating controls include restricting interactive logon and local accounts on contact-center agent workstations to trusted personnel only, applying application allow-listing (e.g., Windows Defender Application Control or AppLocker) to block untrusted binaries that could supply crafted input to the trusted component, and using EDR to monitor for unexpected child processes or token manipulation originating from the Zoom remote control process - noting these reduce but do not eliminate exploitability and may add operational friction for legitimate agent tooling. Temporarily disabling or uninstalling the Remote Control component on hosts that do not require it is the strongest mitigation, at the cost of losing remote-assist functionality for those agents.
Same technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36521
GHSA-789h-4f4q-2gq6