High severity7.8NVD Advisory· Published May 13, 2026· Updated Jun 3, 2026
CVE-2026-30905
CVE-2026-30905
Description
External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*Range: <6.6.11
- Range: <6.6.11
Patches
Vulnerability mechanics
References
1- www.zoom.com/en/trust/security-bulletin/zsb-26007nvdVendor Advisory
News mentions
1- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreThe Hacker News · May 18, 2026