HTML injection in Zoom Linux client
Description
In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
HTML injection in Zoom Client for Meetings on Ubuntu before 5.1.0 allows meeting participants to be targeted for social engineering via remote control requests during screen sharing.
Vulnerability
An HTML injection vulnerability exists in the Zoom Client for Meetings for Ubuntu Linux prior to version 5.1.0. The flaw occurs when a user sends a remote control request to another participant during an in-meeting screen sharing session. The injected HTML is rendered in the request, potentially misleading the recipient. Affected versions: all versions before 5.1.0.
Exploitation
An attacker must be a meeting participant and initiate a remote control request while the target is sharing their screen. The attacker crafts the request with malicious HTML content. No authentication or additional privileges are required beyond being in the meeting. The victim must receive and likely interact with the request to be affected.
Impact
Successful exploitation allows the attacker to perform social engineering attacks against targeted meeting participants. The injected HTML can display deceptive messages or prompts, potentially leading to credential disclosure or other harmful actions. The impact is limited to social engineering; no direct code execution or data breach is reported.
Mitigation
Zoom has fixed this vulnerability in version 5.1.0. Users of Zoom Client for Meetings on Ubuntu Linux should update to the latest version as recommended in the Zoom Security Bulletin [1]. No workaround is available for affected versions.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <5.1.0
- Zoom Video Communications Inc / Zoom Client for Meetings for Ubuntu Linux, v5, Range: unspecified
References
[1] explore.zoom.us/en/trust/security/security-bulletin (mitre, x_refsource_MISC)