CVE-2026-30903
Description
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
Risk Information
Base Score
9.6
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.056
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2026-30903,CVE-2026-30902 are fixed in Zoom Workplace (6.6.0.15547) | Windows |
| Vulnerabilities CVE-2026-30903,CVE-2026-30902 are fixed in Zoom Workplace (x64) (6.6.0.15547) | Windows |
| Vulnerabilities CVE-2026-30903,CVE-2026-30902 are fixed in Zoom Workplace (EXE) (User Based) (6.6.0.15547) | Windows |
| Vulnerabilities CVE-2026-30903,CVE-2026-30902 are fixed in Zoom Workplace (EXE) (x64) (User Based) (6.6.0.15547) | Windows |
| Vulnerabilities CVE-2026-30903,CVE-2026-30902 are fixed in Zoom Outlook Plugin (6.6.0.1185) | Windows |
| Vulnerabilities CVE-2026-30903,CVE-2026-30902 are fixed in Zoom Rooms (6.6.0.6624) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Notes Plugin (6.6.10.1194) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Outlook Plugin (6.6.10.1192) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Workplace (6.6.10.22255) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Workplace (EXE) (User Based) (6.6.10.22255) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Workplace (EXE) (x64) (User Based) (6.6.10.22255) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Workplace (x64) (6.6.10.22255) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom Rooms (6.6.10.6938) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom VDI Universal Plugin (MSI) (x64) (6.6.10.26830) | Windows |
| Vulnerabilities CVE-2026-30903 are fixed in Zoom VDI Workplace (MSI) (x64) (6.6.10.26830) | Windows |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-353838 | Zoom Workplace (MSI) (6.6.11.23272) |
| PATCH-357411 | Zoom Workplace (x64) (7.0.0.33767) |
| PATCH-353839 | Zoom Workplace (User Based) (6.6.11.23272) |
| PATCH-357410 | Zoom Workplace (EXE) (x64) (User Based) (7.0.0.33767) |
| PATCH-353028 | Zoom Outlook Plugin (6.6.10.1192) |
| PATCH-355898 | Zoom Rooms (6.7.5.7278) |
| PATCH-353027 | Zoom Notes Plugin (6.6.10.1194) |
| PATCH-353028 | Zoom Outlook Plugin (6.6.10.1192) |
| PATCH-353838 | Zoom Workplace (MSI) (6.6.11.23272) |
| PATCH-353839 | Zoom Workplace (User Based) (6.6.11.23272) |
| PATCH-357410 | Zoom Workplace (EXE) (x64) (User Based) (7.0.0.33767) |
| PATCH-357411 | Zoom Workplace (x64) (7.0.0.33767) |
| PATCH-355898 | Zoom Rooms (6.7.5.7278) |
| PATCH-357113 | Zoom VDI Universal Plugin (MSI) (x64) (6.6.13.26950) |
| PATCH-357220 | Zoom VDI Workplace (MSI) (x64) (6.6.13.26950) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234