CVE-2026-30901
published 2026-03-11CVE-2026-30901: Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local…
PriorityP340high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.11%
1.8th percentile
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zoom | rooms | < 6.6.5 | 6.6.5 |
| zoom_communications_inc | zoom_rooms | < 6.6.5 | 6.6.5 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Zoom Rooms up to 6.6.4 on Windows input validation (Nessus ID 302114 / WID-SEC-2026-0653)
vuldb·2026-05-17·CVSS 7.8
CVE-2026-30901 [HIGH] Zoom Rooms up to 6.6.4 on Windows input validation (Nessus ID 302114 / WID-SEC-2026-0653)
A vulnerability was found in Zoom Rooms up to 6.6.4 on Windows. It has been declared as problematic. The impacted element is an unknown function. The manipulation results in improper input validation.
This vulnerability is known as CVE-2026-30901. Attacking locally is a requirement. No exploit is available.
It is recommended to upgrade the affected component.
GHSA
GHSA-3229-88qj-9grw: Improper Input Validation in Zoom Rooms for Windows before 6
ghsa_unreviewed·2026-03-11
CVE-2026-30901 [HIGH] CWE-20 GHSA-3229-88qj-9grw: Improper Input Validation in Zoom Rooms for Windows before 6
Improper Input Validation in Zoom Rooms for Windows before 6.6.5 in Kiosk Mode may allow an authenticated user to conduct an escalation of privilege via local access.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-03-11
Published