[CIVN-2026-0139] Multiple Vulnerabilities in Zoom Products
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
Multiple Vulnerabilities in Zoom Products
Indian – Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: CRITICAL
Software Affected
Zoom Workplace for Windows before version 6.6.0
Zoom Workplace VDI Client for Windows version 6.6.10 and earlier; all versions prior to 6.4.17 and 6.5.15 in their respective branch
Zoom Rooms for Windows before version 6.6.5
Zoom Workplace for Windows before version 6.6.11 in the 6.6.x branch
Zoom Meeting SDK for Windows before version 6.6.11 in the 6.6.x branch
Overview
Multiple vulnerabilities have been reported in Zoom products that could be exploited by an attacker to gain elevated privileges on the targeted system.
Target Audience:
All end-user organisations and individuals using Zoom applications.
Risk Assessment:
High risk of data manipulation and unauthorized access to sensitive information.
Impact Assessment:
Potential compromise of application integrity and service disruption.
Description
Zoom Video Communications products are cloud-based communication and collaboration tools used for online meetings, messaging, webinars, and business communication.
Multiple vulnerabilities exist in Zoom products due to improper privilege management, improper input validation and improper checks for minimum version for update functionality.
Successful exploitation of these vulnerabilities could allow a local attacker to gain elevated privileges on the targeted system.
Solution
Apply appropriate updates as mentioned by the vendor given below:
https://www.zoom.com/en/trust/security-bulletin/zsb-26005/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
https://www.zoom.com/en/trust/security-bulletin/zsb-26004/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
https://www.zoom.com/en/trust/security-bulletin/zsb-26003/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
https://www.zoom.com/en/trust/security-bulletin/zsb-26002/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
Vendor Information
Zoom
https://www.zoom.com/en/trust/security-bulletin/
References
https://www.zoom.com/en/trust/security-bulletin/zsb-26005/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
https://www.zoom.com/en/trust/security-bulletin/zsb-26004/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
https://www.zoom.com/en/trust/security-bulletin/zsb-26003/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
https://www.zoom.com/en/trust/security-bulletin/zsb-26002/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1773122794664
CVE Name
CVE-2026-30900
CVE-2026-30901
CVE-2026-30902
CVE-2026-30903
– —
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax : 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmm4C2kACgkQ3jCgcSdc
ys+4VxAAqG+ASgwZiXUfD/DnPFD7rs/64Fjy4p2kW7BdhlRCEVOLCSYo0msoXxTR
HRY/zIE01EK346dtSwe0iS4FnnfRVVkQ0yLnyhSZIuuPVUKkVHKc+AcDvLLbIsym
x2cnC2oeF+GQQr8reMVPgJoxI062zXAP0mSoOhykP8lRuIvavQdSOJ5l/TArpbtX
FBWZAzNS5vmeAYg21w5FbvgzpChB0+RX0HmUKW6OGjMIlVbFz/hvf2XaBw709Qul
jK3vD39Tj4pJTNBs8e7Hm47NSc9YGNZH16SXldM6bbOK2Bva4riKXYTubXhk2ZZL
tOO0SZJTCt23Dui7D1yii5QirNeoPcStcJQZM+Ghp76NsKkF8Xbys8BA5+5/8Ol3
gDGOjdv+78nCbAiO0VyDxuZWc5Dtvj7HEmbKKwjrey97dS/vqk5PbTb5iZWswsdH
+karDzO/nubbP80tWTh1lDhPwf96iDnkS+QlaYLZOxlYgbSTtAulM70ZwvWiy/Ju
IhL2SZsrBx7T1Jl2euDb4VTlBxYI2l6PdwMQHnZkCboWmEXkUQikOdfss9+Byj4Y
Lr4doApgIitdH5tFSpIV4Fu0lQhVRlM0SoLJYgIt50+Ivg5uhk23/0p5nFGzNukH
VLQeg/R3DmsvLVaj4GuuT9NcrRz7bprX88svCONDjDY5yAJ6yUA=
=uIb8
—–END PGP SIGNATURE—–
![[CIVN-2026-0141] Multiple vulnerabilities in Google Chrome for Desktop](https://teamwin.in/wp-content/uploads/2025/06/certin-new-e1751351599950-500x383.png)
