PT-2026-24423 · Zoom Communications+1 · Zoom Workplace+2
Published: 2026-03-10 · Updated: 2026-05-14
CVE-2026-30903
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Zoom Workplace for Windows versions prior to 6.6.0
Description
The issue involves external control of the file name or path within the Mail feature. This can allow an unauthenticated user to escalate privileges through network access. The vulnerability is present in Zoom Workplace for Windows before version 6.6.0. No information is available regarding the number of potentially affected devices or real-world exploitation incidents. The vulnerable component is the Mail feature, and the issue stems from improper handling of file names or paths provided by external sources. The filename or filepath parameters may be involved in this issue.
Recommendations
Versions prior to 6.6.0 should be updated to version 6.6.0 or later.
Fix
LPE
Related Identifiers
Affected Products
Zoom Workplace
Workplace Desktop
Workplace Virtual Desktop Infrastructure