Fresh security concerns have emerged for users of Zoom after the company disclosed 3 vulnerabilities affecting its Windows and iOS applications. The flaws could allow attackers to gain elevated system access, expose sensitive information and potentially hijack affected devices.
The most serious issue impacts Zoom Rooms for Windows and is tracked as CVE-2026-30906. The vulnerability carries a CVSS score of 7.8 out of 10 and is linked to an untrusted search path flaw in the software installer. Researchers said attackers with standard local access to a machine could exploit the weakness to gain higher system privileges.
Security experts warned that such privilege escalation attacks are often used to disable security protections, steal sensitive enterprise data or deploy ransomware. The flaw affects all Zoom Rooms for Windows versions before 7.0.0.
A second high-severity vulnerability, tracked as CVE-2026-30905, was discovered in the Zoom Workplace VDI Plugin for Windows by security researcher “sim0nsecurity”. The flaw also carries a CVSS score of 7.8 and is caused by external control of a file name or path within the software’s Windows Universal Installer.
According to researchers, the issue creates another pathway for authenticated local users to escalate privileges on affected systems. The vulnerability specifically impacts Zoom Workplace VDI Plugin version 6.6.10. Users have been advised to immediately update to version 6.6.11 or later.
Zoom also identified a lower-severity flaw affecting Zoom Workplace for iOS, tracked as CVE-2026-30904. The issue involves a failure in a protection mechanism that could result in unauthorised information disclosure.
The iOS vulnerability has a CVSS score of 1.8 and requires physical access to the target device, reducing the immediate risk level. However, researchers noted that it still poses a privacy concern for users. The flaw, reported by security researcher “errorsec_”, affects all iOS app versions older than 7.0.0.
Cybersecurity experts said privilege escalation vulnerabilities are highly valuable for attackers attempting to move across enterprise networks and expand access within organisations.
Zoom has urged users, IT teams and remote workers to install the latest software updates immediately to reduce security risks and protect their systems from potential attacks.