Zoom Workplace for Windows allows unauthenticated access to sensitive files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

9.6

Zoom Workplace for Windows allows unauthenticated access to sensitive files

CVE-2026-30903

Summary

A flaw in Zoom Workplace for Windows allows an attacker to potentially access sensitive files on a network without being logged in. This could lead to unauthorized access and data exposure. Update to Zoom Workplace for Windows version 6.6.0 or later to fix the issue.

Original title

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Original description

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

nvd CVSS3.1 9.6

Vulnerability type

CWE-73

https://www.zoom.com/en/trust/security-bulletin/zsb-26005

Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026