{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-30905", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2026-03-06T18:44:57.631Z", "datePublished": "2026-05-13T18:00:22.649Z", "dateUpdated": "2026-05-15T03:56:05.013Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-05-13T18:00:22.649Z"}, "datePublic": "2026-05-12T12:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-73", "description": "CWE-73 External control of file name or path", "type": "CWE"}]}], "affected": [{"vendor": "Zoom Communications", "product": "Zoom Workplace VDI Plugin", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThan": "6.6.11", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access."}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-14T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-30905"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-15T03:56:05.013Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-30905", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-05-13T18:54:30.275041Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T18:54:46.375Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications", "product": "Zoom Workplace VDI Plugin", "versions": [{"status": "affected", "version": "0", "lessThan": "6.6.11", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2026-05-12T12:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73 External control of file name or path"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-05-13T18:00:22.649Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30905", "state": "PUBLISHED", "dateUpdated": "2026-05-15T03:56:05.013Z", "dateReserved": "2026-03-06T18:44:57.631Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2026-05-13T18:00:22.649Z", "assignerShortName": "Zoom"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zoom:workplace_virtual_desktop_infrastructure:*:*:*:*:*:windows:*:*", "matchCriteriaId": "71CB5B38-4382-4E63-8ED6-D4E7CE2ADD04", "versionEndExcluding": "6.6.11", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "External Control of File Name or Path in the Zoom Workplace VDI Plugin Windows Universal Installer before version 6.6.11 may allow an authenticated user to conduct an escalation of privilege via local access."}], "id": "CVE-2026-30905", "lastModified": "2026-06-03T01:26:11.010", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-05-13T19:17:05.367", "references": [{"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26007"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-610"}], "source": "[email protected]", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": ["Windows"], "status": "affected", "versions": {"scheme": "generic", "value": "[0,6.6.11)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "product": "workplace_vdi_plugin", "vendor": "zoom"}], "created": "2026-05-13T19:45:03.837386+00:00", "updated": "2026-06-03T04:45:25.731565+00:00", "vendors": ["zoom", "zoom$PRODUCT$workplace_vdi_plugin"]}