Zoom has released critical updates addressing multiple vulnerabilities affecting its Windows-based client applications. On March 10, 2026, Zoom disclosed four significant security issues, urging users to update their software immediately to mitigate potential risks.
High to Critical Severity Flaws
The disclosed vulnerabilities, ranging from High to Critical severity, could lead to privilege escalation on compromised systems. Of particular concern, a critical flaw identified as CVE-2026-30903 targets the Mail feature within Zoom Workplace for Windows. This vulnerability, which involves External Control of File Name or Path, allows attackers to manipulate file references, potentially executing unauthorized operations without requiring prior system access.
The CVSS vector indicates that this attack can be executed remotely without authentication, marking it as the most severe issue among the current disclosures. All Zoom Workplace for Windows versions prior to 6.6.0 are impacted by this vulnerability.
Other Notable Vulnerabilities
In addition to CVE-2026-30903, three other High-severity vulnerabilities were identified. CVE-2026-30902 affects Zoom Clients for Windows, involving Improper Privilege Management, where incorrect user privileges could be exploited for unauthorized access. Another vulnerability, CVE-2026-30901, targets Zoom Rooms for Windows and involves Improper Input Validation, potentially leading to unintended behaviors such as code execution.
Lastly, CVE-2026-30900 affects Zoom Workplace Clients for Windows and is described as an Improper Check issue, which could allow bypassing access controls due to verification logic failures. Zoom has a history of addressing similar issues, such as the Critical CVE-2025-49457, which was patched in August 2025.
Mitigation and Immediate Actions
Zoom has released patches for all identified vulnerabilities. Users and organizations should immediately update to Zoom Workplace for Windows version 6.6.0 or later. It is also advised to update Zoom Rooms for Windows and Zoom Clients for Windows to the latest versions available from the official Zoom download portal.
Organizations should prioritize patching systems where Zoom Workplace is frequently used, especially in email-intensive and enterprise environments. Additionally, auditing user privilege configurations and monitoring network traffic for unusual Zoom-related activities can help mitigate exploitation attempts.
Zoom strongly encourages all Windows users to apply these updates promptly, as no alternative mitigations exist beyond upgrading to the patched versions. Stay informed by following Zoom’s updates on major cybersecurity platforms.
