{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-30905","assignerOrgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","state":"PUBLISHED","assignerShortName":"Zoom","dateReserved":"2026-03-06T18:44:57.631Z","datePublished":"2026-05-13T18:00:22.649Z","dateUpdated":"2026-05-15T03:56:05.013Z"},"containers":{"cna":{"providerMetadata":{"orgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","shortName":"Zoom","dateUpdated":"2026-05-13T18:00:22.649Z"},"datePublic":"2026-05-12T12:00:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-73","description":"CWE-73 External control of file name or path","type":"CWE"}]}],"affected":[{"vendor":"Zoom Communications","product":"Zoom Workplace VDI Plugin","platforms":["Windows"],"versions":[{"status":"affected","version":"0","lessThan":"6.6.11","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.","supportingMedia":[{"type":"text/html","base64":false,"value":"External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access."}]}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}],"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseSeverity":"HIGH","baseScore":7.8,"vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-14T00:00:00+00:00","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3","id":"CVE-2026-30905"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-15T03:56:05.013Z"}}]}}