CVE-2026-30902
📋 TL;DR
This vulnerability in Zoom Clients for Windows allows authenticated local users to escalate their privileges on the system. Attackers could gain higher-level permissions than intended, potentially compromising the entire Windows machine. Only Windows Zoom clients with affected versions are impacted.
💻 Affected Systems
- Zoom Client for Windows
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An authenticated attacker gains SYSTEM/administrator privileges, enabling complete system takeover, installation of malware, credential theft, and lateral movement across the network.
Likely Case
Malicious insider or compromised user account escalates to admin rights to install persistent backdoors, access sensitive data, or disable security controls.
If Mitigated
With proper privilege separation and endpoint protection, exploitation would be detected and contained before significant damage occurs.
🎯 Exploit Status
Exploitation requires local authenticated access. CWE-269 indicates improper privilege management, suggesting misconfigured permissions or service misbehavior.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Zoom advisory ZSB-26004 for patched versions
Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-26004
Restart Required: Yes
Instructions:
1. Visit Zoom's security bulletin ZSB-26004.
2. Identify patched version for your Zoom client.
3. Update Zoom Client via built-in updater or download latest version from zoom.us.
4. Restart computer after installation.
🔧 Temporary Workarounds
Restrict Local User Privileges
Windows: Limit standard user accounts to prevent privilege escalation attempts
Disable Zoom Auto-Update
Windows: Prevent automatic updates until patch is verified, though manual update to patched version is still required
🧯 If You Can't Patch
- Remove Zoom from high-value systems until patched
- Implement application whitelisting to block unauthorized privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check Zoom client version in Settings > About. Compare against affected versions in Zoom advisory ZSB-26004.
Check Version:
In Zoom client: Settings > About, or check Windows Programs list for Zoom version
Verify Fix Applied:
Confirm Zoom client version matches or exceeds patched version listed in Zoom advisory ZSB-26004.
📡 Detection & Monitoring
Log Indicators:
- Windows Event Logs showing unexpected privilege escalation
- Zoom process spawning with elevated privileges
- Unexpected service or process creation by Zoom
Network Indicators:
- Unusual outbound connections from Zoom process post-exploitation
SIEM Query:
EventID=4688 AND ProcessName="Zoom.exe" AND NewProcessName IN ("cmd.exe", "powershell.exe", "net.exe") AND SubjectUserName!=SYSTEM
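An added example (not part of the original page or any vendor tooling): the SIEM query above applied in Python to flattened Event ID 4688 records. It assumes the query's ProcessName maps to the 4688 ParentProcessName field and compares file names case-insensitively because 4688 logs full image paths; the sample records, paths and helper names are constructed for illustration.

```python
import ntpath

# Child image names taken from the page's SIEM query.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "net.exe"}
PARENT_IMAGE = "zoom.exe"


def image_name(path):
    """Lower-cased file name of a Windows path; 4688 records full image paths."""
    return ntpath.basename(path or "").lower()


def matches_query(event):
    """Apply the page's query to one flattened 4688 record (a dict of strings)."""
    if str(event.get("EventID")) != "4688":
        return False
    # Assumption: the query's ProcessName is the parent image (ParentProcessName).
    if image_name(event.get("ParentProcessName")) != PARENT_IMAGE:
        return False
    if image_name(event.get("NewProcessName")) not in SUSPICIOUS_CHILDREN:
        return False
    return (event.get("SubjectUserName") or "").upper() != "SYSTEM"


def find_hits(events):
    """Return the records that satisfy every clause of the query."""
    return [e for e in events if matches_query(e)]


def _ev(event_id, parent, child, user):
    return {"EventID": event_id, "ParentProcessName": parent,
            "NewProcessName": child, "SubjectUserName": user}


ZOOM = r"C:\Users\alice\AppData\Roaming\Zoom\bin\Zoom.exe"  # constructed path
SYS32 = "C:\\Windows\\System32\\"

# Constructed sample records, not taken from a real host.
SAMPLE_EVENTS = [
    _ev("4688", ZOOM, SYS32 + "cmd.exe", "alice"),               # hit
    _ev("4688", "C:\\Windows\\explorer.exe", SYS32 + "cmd.exe", "alice"),  # other parent
    _ev("4688", ZOOM, ZOOM, "alice"),                            # child not listed
    _ev("4688", ZOOM, SYS32 + "net.exe", "SYSTEM"),              # excluded account
    _ev("4689", ZOOM, SYS32 + "cmd.exe", "alice"),               # wrong event ID
    _ev("4688", ZOOM.upper(), SYS32 + "POWERSHELL.EXE", "bob"),  # hit, case differs
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print(hit["SubjectUserName"], "->", hit["NewProcessName"])
```

A literal string comparison of NewProcessName against "cmd.exe" would miss every record here, since the field holds the full path; normalise to the file name in the SIEM as well.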