—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Zoom Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Zoom Workplace for iOS before version 7.0.0

Zoom Workplace VDI Plugin version 6.6.10

Zoom Rooms for Windows before version 7.0.0

Overview

Multiple vulnerabilities have been reported in Zoom products that could be exploited by an attacker to gain elevated privileges or obtain sensitive information on the targeted system.

Target Audience:

All end-user organizations and individuals using Zoom applications.

Risk Assessment:

High risk of unauthorized access to sensitive data and system compromise.

Impact Assessment:

Potential for sensitive information disclosure and unauthorized access.

Description

Zoom products are cloud-based communication and collaboration tools that enable video meetings, team chat, phone services, webinars, and online productivity for individuals and organizations.

Multiple vulnerabilities exist in Zoom products due to protection mechanism failure, external control of file name or path and untrusted search path vulnerabilities.

Successful exploitation of these vulnerabilities could allow an attacker to gain elevated privileges or obtain sensitive information on the targeted system.

Solution

Apply appropriate security updates as mentioned in:

https://www.zoom.com/en/trust/security-bulletin/

Vendor Information

Zoom 

https://www.zoom.com/en/trust/security-bulletin/

References

Zoom 

https://www.zoom.com/en/trust/security-bulletin/zsb-26006/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1778561668584

https://www.zoom.com/en/trust/security-bulletin/zsb-26007/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1778561668584

https://www.zoom.com/en/trust/security-bulletin/zsb-26008/?ampDeviceId=95a6e736-e8fe-469e-b84f-6c743a8150d5&SessionId=1778561668584

CVE Name

CVE-2026-30904

CVE-2026-30905

CVE-2026-30906

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoF5HYACgkQ3jCgcSdc

ys8V0w/+JKtvf3Z+egbENneeZj+VPf0H+QeS6OUuOCdn2XEhL4oDJeqcoBa7br4T

Xh80V9hnjex71bH5+bsPpmmXKUJ3wArH162+bUef0z2YOWlsxeHYhfTC3X7Kak++

vg0117dXowhhLfiyAT7GswSdUAsM7Tk65vp1EPS/fYOV43mg5sG1XMwNPCgdWL5+

vXrOhMhJDNNTEDg4XkEvUWfD7yyLPjwz0Ypz5fXk5Gajkynq2b5znDPx21K7D0p2

OU3EIHFG8aZOYO1OI/pF4D10631ao+jq4mtGjy87UWd8nBIMdM2Jcy87PAetggKF

IFpFJswnBBIEo5KAMUHCqvwaC6X8PHXCFc939yxqGgye2/52l+4df225n1pv7PaY

K8zgaN8BN+6R32xqLqZ5/3b5BHUdtmcPa27rFmSRHewIbDmhXwDq8Bqj7KTzEasc

dwnhJx82CMIV85WnmH9yGvmpKykrAYo+G9MZcnFEsLhvTvMW0OqImW1SsP++f9wA

QGydaHpubB+0GgVvq94ApiJQa3TFEpttVQpFHnGvZAkY1Ah9N2h0efOPcJfocmYh

6pl3Ss+nsfQ8oLJLNEf/3OcszgapRs/OnjQZN7wZ8o1BbcffSeQlMOti5Ke/sDBd

GgcUGhPLPuR0gA3mY72JNhLtou+a9zhKW3PqUjcEK6267CMHDLI=

=dlNJ

—–END PGP SIGNATURE—–