CVE-2026-30903: CWE-73 External control of file name or path in Zoom Communications Zoom Workplace
External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.
AI Analysis
Technical Summary
CVE-2026-30903 is a critical security vulnerability identified in the Mail feature of Zoom Workplace for Windows versions prior to 6.6.0. The vulnerability is classified under CWE-73, which pertains to external control of file name or path. This means that an attacker can influence the file path or name used by the application, potentially causing the system to access or modify unintended files. In this case, the flaw allows an unauthenticated attacker to escalate privileges by sending specially crafted network requests that manipulate file paths within the Mail feature. The vulnerability has a CVSS v3.1 base score of 9.6, reflecting its critical nature with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), indicating that exploitation can affect resources beyond the vulnerable component, and it impacts confidentiality, integrity, and availability at a high level (C:H/I:H/A:H). Although no public exploits are currently known, the vulnerability's characteristics make it a prime target for attackers seeking to gain elevated access on affected systems. The lack of authentication requirement combined with network accessibility increases the risk of widespread exploitation. The vulnerability was reserved on March 6, 2026, and published on March 11, 2026, with no patch links currently available, emphasizing the urgency for Zoom Communications to release a fix and for organizations to apply mitigations.
Potential Impact
The impact of CVE-2026-30903 is severe for organizations using vulnerable versions of Zoom Workplace on Windows. Successful exploitation allows attackers to escalate privileges without authentication, potentially gaining administrative control over affected systems. This can lead to unauthorized access to sensitive communications, data theft, manipulation or deletion of critical files, and disruption of business operations. The vulnerability affects confidentiality, integrity, and availability simultaneously, increasing the risk of data breaches and operational downtime. Given Zoom Workplace's role in enterprise communication and collaboration, exploitation could compromise internal communications, expose intellectual property, and facilitate lateral movement within networks. The network-based attack vector means attackers can exploit this vulnerability remotely, increasing the threat surface. Organizations lacking timely patching or mitigations may face significant operational and reputational damage, especially in sectors where secure communication is critical.
Mitigation Recommendations
To mitigate CVE-2026-30903, organizations should immediately upgrade Zoom Workplace for Windows to version 6.6.0 or later once available. Until patches are released, restrict network access to the Mail feature by implementing network segmentation and firewall rules that limit inbound traffic to trusted sources. Employ application whitelisting and endpoint protection solutions to detect and block suspicious file path manipulations. Monitor logs and network traffic for unusual activity related to file operations within Zoom Workplace. Educate users about the risk of interacting with unexpected or suspicious communications within the Mail feature, to reduce the likelihood of exploitation that depends on user interaction. Coordinate with Zoom Communications for timely updates and advisories. Additionally, consider deploying intrusion detection systems (IDS) with signatures tailored to detect exploitation attempts targeting this vulnerability. Regularly review and update incident response plans to address potential exploitation scenarios involving privilege escalation.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil, Netherlands, Singapore
Technical Details
- Data Version: 5.2
- Assigner Short Name: Zoom
- Date Reserved: 2026-03-06T18:44:57.631Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b186eb2f860ef9431291cd
Added to database: 3/11/2026, 3:14:51 PM
Last enriched: 3/18/2026, 7:26:20 PM
Last updated: 4/25/2026, 10:04:03 PM