This vulnerability (CVE-2026-30906) affects Zoom Rooms for Windows before version 7.0.0. It is classified as CWE-426 (Untrusted Search Path), where the installer does not securely validate the search path for dependencies or executables. An authenticated user with local access could exploit this to escalate privileges on the affected system. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. No patch or official remediation level has been disclosed by Zoom Communications as of the publication date.

Successful exploitation could allow an authenticated local user to escalate their privileges, potentially gaining higher system rights than intended. This could lead to full system compromise, including unauthorized access to sensitive data and disruption of system availability. The vulnerability does not appear to be remotely exploitable and requires local access with some privileges.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for any suspicious activity related to Zoom Rooms installer usage. Avoid running the installer in untrusted environments or with elevated privileges unnecessarily.