External risk intelligence

Zoom Mail feature could let attackers take control of your computer

CVE advisorySeverity: CRITICAL (CVSS 9.8)

CVE-2026-30903

An external attacker could exploit Zoom Workplace for Windows to gain higher system privileges. This matters to the business as it could lead to unauthorized administrative control over user systems and the execution of commands.

2Halo Surface Signal

Zoom Workplace Desktop

before 6.6.06.4.0 to before 6.4.176.5.0 to before 6.5.156.6.0 to before 6.6.10

External exposure likelihood

Halo Surface Signal score for CVE-2026-30903

Zoom Workplace is a desktop client application. While it communicates over a network, it is not an internet-facing gateway, server, or edge service. Its typical deployment is on end-user workstations behind firewalls or NAT, making direct, unauthenticated public internet exposure uncommon for the specific vulnerable component.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Horizon Alert

Summary of the vulnerability and why it matters

An unauthenticated attacker can exploit a vulnerability in Zoom Workplace's Mail feature to escalate privileges. This means someone without a login could potentially gain higher access to your system.

  • Could impact user accounts.
  • Attacks are possible over the network.

Attack Path

How an attacker could exploit the issue

An unauthenticated attacker can exploit this flaw to gain elevated privileges on a Windows system by targeting the Mail feature in Zoom Workplace. The vulnerability allows an attacker to manipulate file paths, potentially leading to the execution of malicious code or unauthorized access to sensitive information.

  • Network access required.
  • Targets Zoom Mail feature.
  • Unauthenticated user.

Live Threat

Current exploitation, exposure, and threat context

This CVE describes an external control of file path vulnerability in Zoom Workplace for Windows, potentially allowing unauthenticated users to escalate privileges over the network. Attackers are typically drawn to such vulnerabilities if they offer a significant impact, like privilege escalation, and are easily exploitable remotely without prior authentication. However, the specific context of Zoom Workplace, being primarily a client application, might reduce its appeal for broad, automated attacks compared to server-side or internet-facing services.

  • Privilege escalation is a strong motivator.
  • Network-based, unauthenticated exploitation is attractive.
  • Client application context may limit broad weaponization.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching or upgrading Zoom Workplace for Windows to version 6.6.0 or later immediately due to the critical risk of unauthenticated privilege escalation. If immediate patching is not feasible, focus on network segmentation and monitoring for suspicious file access patterns within the Mail feature.

  • Upgrade Zoom Workplace to 6.6.0.
  • Block network traffic to Mail feature endpoints.
  • Monitor for anomalous file operations.

Frequently asked questions

What is Zoom Workplace?

Zoom Workplace is a collaboration platform that integrates video conferencing, chat, and other tools to help individuals and organizations communicate and work together remotely.

What type of weakness does CVE-2026-30903 represent?

CVE-2026-30903 is an "External Control of File Name or Path" weakness, identified as CWE-73 and CWE-610. This means an attacker can influence file paths used by the application.

How can an attacker exploit CVE-2026-30903?

An unauthenticated attacker can exploit this vulnerability over a network by manipulating file paths within Zoom Workplace's Mail feature. This could lead to privilege escalation on the affected Windows system.

What is the relevance of CVE-2026-30903?

The Halo Surface Signal indicates this vulnerability is 'Unlikely' to be widely exploited. While it allows for privilege escalation over a network, Zoom Workplace is typically a client application on end-user workstations, not an internet-facing service, which may limit its attractiveness for broad attacks.

What steps should be taken to address CVE-2026-30903?

Users should immediately upgrade Zoom Workplace for Windows to version 6.6.0 or later to mitigate the risk of privilege escalation. Network segmentation and monitoring for suspicious file access within the Mail feature are also recommended if immediate patching is not possible.

References

Sources and related resources

Primary sources: NVD, CVE.org.

NVDPublished Modified