CVE-2026-30900 is a vulnerability identified in Zoom Communications Inc.'s Zoom Workplace client for Windows, specifically version 6.6.0. The root cause is an improper check of the minimum version in the update functionality, classified under CWE-754, which relates to improper checks for unusual or exceptional conditions. This flaw allows an authenticated user with local access to escalate their privileges by manipulating the update process, potentially gaining higher system privileges than intended. The vulnerability affects confidentiality, integrity, and availability, as an attacker could execute unauthorized actions, access sensitive data, or disrupt services. The CVSS v3.1 score of 7.8 reflects a high-severity issue with attack vector local (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits are known at this time, but the vulnerability poses a significant risk due to the widespread use of Zoom Workplace in enterprise environments. The lack of a patch link suggests that a fix may still be pending or in development, emphasizing the need for vigilance and interim mitigations.

The vulnerability allows an authenticated local user to escalate privileges, which can lead to unauthorized access to sensitive information, modification or deletion of critical data, and disruption of Zoom Workplace services. This can compromise the security posture of organizations relying on Zoom for internal communications and collaboration. Attackers exploiting this flaw could gain administrative control over affected systems, potentially leading to lateral movement within corporate networks and further compromise. The impact extends to confidentiality, integrity, and availability, making it a comprehensive threat. Organizations with high dependency on Zoom Workplace, especially in sectors like finance, healthcare, government, and large enterprises, face increased risks of data breaches, operational disruption, and reputational damage.

Until an official patch is released, organizations should enforce strict local access controls to limit authenticated user privileges on Windows systems running Zoom Workplace 6.6.0. Implement application whitelisting and endpoint detection and response (EDR) solutions to monitor and block suspicious activities related to the update process. Regularly audit user permissions and remove unnecessary local accounts or restrict their privileges. Employ network segmentation to isolate critical systems and reduce the risk of lateral movement. Educate users about the risks of local privilege escalation and encourage reporting of unusual system behavior. Once a patch becomes available, prioritize its deployment across all affected endpoints. Additionally, consider disabling automatic updates temporarily if feasible and safe, to prevent exploitation via the update mechanism.