CVE-2026-30906

HighLPE

Published: 13 May 2026

Published

13 May 2026

Modified

14 May 2026

KEV Added

—

Patch

—

CVSS Score 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0001 1.9th percentile

Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-30906 is a high-severity Untrusted Search Path (CWE-426) vulnerability in Zoom Rooms (inferred from references). Its CVSS base score is 7.8 (High).

Operationally, ranked at the 1.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-426

Affected Products

Zoom

Rooms

inferred from references and description; NVD did not file a CPE for this CVE

References

https://www.zoom.com/en/trust/security-bulletin/zsb-26008
security@zoom.us