CVE-2026-30903CRITICAL 9.8EPSS p24.4%

CVE-2026-30903CVE-2026-30903

Description

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Scoring

CVSS 3.19.8 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS0.33% probability of exploitation · percentile 24.4% · 2026-06-18T12:00:27Z
Published2026-03-11
Last modified2026-05-14

Underlying weaknesses· 2

CWE-73CWE-610

References

  1. https://www.zoom.com/en/trust/security-bulletin/zsb-26005

2

TypeTargetConfidenceTier
WeaknessExternally Controlled Reference to a Resource in Another Spherecwe-6100%live
WeaknessExternal Control of File Name or Pathcwe-730%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-30905
CVE
CVE-2026-30906
CVE
CVE-2025-49457
CVE
CVE-2026-30904
CVE
CVE-2025-0147
CVE
CVE-2025-27439
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.