{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30905", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2026-03-06T18:44:57.631Z", "datePublished": "2026-05-13T18:00:22.649Z", "dateUpdated": "2026-05-13T18:55:08.369Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-05-13T18:00:22.649Z"}, "datePublic": "2026-05-12T12:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-73", "description": "CWE-73 External control of file name or path", "type": "CWE"}]}], "affected": [{"vendor": "Zoom Communications", "product": "Zoom Workplace VDI Plugin", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThan": "6.6.11", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access."}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T18:54:30.275041Z", "id": "CVE-2026-30905", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:55:08.369Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30905", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2026-03-06T18:44:57.631Z", "datePublished": "2026-05-13T18:00:22.649Z", "dateUpdated": "2026-05-13T18:55:08.369Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-05-13T18:00:22.649Z"}, "datePublic": "2026-05-12T12:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-73", "description": "CWE-73 External control of file name or path", "type": "CWE"}]}], "affected": [{"vendor": "Zoom Communications", "product": "Zoom Workplace VDI Plugin", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThan": "6.6.11", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access."}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-13T18:54:30.275041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:54:46.375Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access."}], "id": "CVE-2026-30905", "lastModified": "2026-05-13T19:17:05.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2026-05-13T19:17:05.367", "references": [{"source": "security@zoom.us", "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "security@zoom.us", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.6.11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "workplace_vdi_plugin", "vendor": "zoom"}], "created": "2026-05-13T19:45:03.837386+00:00", "title": "External Control of File Name or Path Leading to Escalation of Privilege in Zoom Workplace VDI Plugin", "updated": "2026-05-14T14:34:11.387785+00:00", "vendors": ["zoom", "zoom$PRODUCT$workplace_vdi_plugin"]}