Skip to main content

Zoom Workplace Vdi Plugin

2 CVEs product

Monthly

CVE-2026-53411 HIGH PATCH This Week

Local privilege escalation in the Zoom Workplace VDI Plugin for Windows lets an authenticated local user win a time-of-check to time-of-use (TOCTOU) race during the plugin's install/uninstall routine to gain higher privileges (per CVSS, full confidentiality, integrity, and availability impact). The flaw was self-reported by Zoom (bulletin ZSB-26013) and carries a CVSS 3.1 base score of 7.8; no public exploit identified at time of analysis. Exploitation is local-only and requires the attacker to already hold a valid account on the target host.

Privilege Escalation Microsoft Zoom Workplace Vdi Plugin
NVD VulDB
CVSS 3.1
7.8
CVE-2026-30905 HIGH PATCH This Week

Local privilege escalation in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 allows an authenticated low-privileged user to elevate to higher privileges through external control of a file name or path during installation routines. The flaw was reported by Zoom and carries CVSS 7.8 with total technical impact, though no public exploit identified at time of analysis and EPSS sits at 0.01%. SSVC indicates exploitation status 'none' and the attack is not automatable, marking this as a patch-on-schedule rather than emergency item.

Microsoft Privilege Escalation Zoom Workplace Vdi Plugin
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Zoom Workplace VDI Plugin for Windows lets an authenticated local user win a time-of-check to time-of-use (TOCTOU) race during the plugin's install/uninstall routine to gain higher privileges (per CVSS, full confidentiality, integrity, and availability impact). The flaw was self-reported by Zoom (bulletin ZSB-26013) and carries a CVSS 3.1 base score of 7.8; no public exploit identified at time of analysis. Exploitation is local-only and requires the attacker to already hold a valid account on the target host.

Privilege Escalation Microsoft Zoom Workplace Vdi Plugin
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 allows an authenticated low-privileged user to elevate to higher privileges through external control of a file name or path during installation routines. The flaw was reported by Zoom and carries CVSS 7.8 with total technical impact, though no public exploit identified at time of analysis and EPSS sits at 0.01%. SSVC indicates exploitation status 'none' and the attack is not automatable, marking this as a patch-on-schedule rather than emergency item.

Microsoft Privilege Escalation Zoom Workplace Vdi Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy