Advisory ID: ngCERT-2026-040003
SUMMARY
ngCERT is aware of multiple critical and high-severity vulnerabilities in Zoom products, including Zoom Workplace, Zoom Clients, Zoom Rooms, and VDI components. These vulnerabilities, tracked under several CVEs (CVE-2026-30900 to CVE-2026-30903), range from privilege escalation and command injection to improper input validation and path handling flaws. Successful exploitation may allow threat actors to achieve privilege escalation, unauthorized access, and system compromise. These flaws impact widely deployed enterprise collaboration tools, making them high-value targets for threat actors. Organisations and individuals are advised to immediately remediate these vulnerabilities.
DESCRIPTION
Zoom’s products form a unified communications platform for video conferencing, chat, webinars, and collaboration across multiple operating systems. The vulnerabilities stem from several weaknesses in Zoom’s Windows-based components, including improper privilege management, insufficient input validation, and inadequate file path handling. The most critical flaw, CVE-2026-30903, involves external control of file names or paths within the Zoom Workplace Mail feature, allowing unauthenticated attackers to manipulate file operations and escalate privileges remotely. Additional vulnerabilities, CVE-2026-30902 (improper privilege management), CVE-2026-30901 (input validation flaw), and CVE-2026-30900 (improper version check), further enable attackers to elevate privileges or bypass security controls under certain conditions. These vulnerabilities expose Windows systems to both local and remote exploitation scenarios, particularly when systems are unpatched or misconfigured.
Damage: Critical (CVSS 7.8)
Probability: High
Platform(s): Windows
CONSEQUENCES
Exploitation of these vulnerabilities may result in:
- Privilege escalation.
- Denial of Service (DoS).
- Sensitive data exposure.
- Remote Code Execution (RCE).
- Cross-Site Scripting (XSS) and data manipulation.
- Operational and business disruption/risk.
- Malware/Ransomware Deployment.
SOLUTION/MITIGATION
ngCERT recommends the following:
- Update all Zoom products to the latest versions and apply patched releases (Zoom Security Bulletins - ZSB-26001 to ZSB-26005).
- Enable automatic updates across all Zoom clients and components.
- Monitor for abnormal privilege escalation events.
- Remove or upgrade deprecated/unsupported Zoom versions.
- Enforce endpoint protection (EDR/antivirus) and monitor for suspicious activity.
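An added example (not from ngCERT or Zoom) supporting the update and removal items above: a PowerShell inventory that lists Zoom installations registered on a Windows host and flags those below a minimum version. The `Zoom*` display-name filter and the version parsing are assumptions, and the minimum version must be supplied by the operator from the Zoom Security Bulletins, since this advisory does not state fixed versions.

```powershell
# Added example: inventory Zoom installs and flag versions below a supplied minimum.
param(
    # Minimum fixed version, taken by the operator from the relevant Zoom
    # Security Bulletin (ZSB-26001 to ZSB-26005). No default is given because
    # the advisory does not list fixed versions.
    [Parameter(Mandatory)] [version] $MinimumVersion
)

# Standard Windows uninstall locations: machine-wide (64- and 32-bit views)
# and the current user's hive, where per-user installers register.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Zoom*' } |   # assumption: product names start with "Zoom"
    ForEach-Object {
        $parsed = $null
        # Assumption: DisplayVersion contains a dotted numeric version.
        # Anything that does not parse is reported as Unknown, not as OK.
        if ("$($_.DisplayVersion)" -match '\d+(\.\d+){1,3}') {
            $parsed = [version]$Matches[0]
        }
        $status = if (-not $parsed) { 'Unknown' } elseif ($parsed -lt $MinimumVersion) { 'Outdated' } else { 'OK' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $_.DisplayName
            Version  = $_.DisplayVersion
            Status   = $status
            Scope    = if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'PerUser' } else { 'Machine' }
        }
    } |
    Sort-Object Status, Name
```

The HKCU key covers only the account running the script, so per-user installations under other profiles need a run in each user's context or through endpoint management tooling. Supply the minimum version with the same number of components as the installed version strings, because `[version]` treats a missing component as lower than zero.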