CVE-2026-30906
HIGHDescription
Untrusted search path in the installer for Zoom Rooms for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
Is your site exposed to CVE-2026-30906?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2026-30906? +
How severe is CVE-2026-30906? +
How do I check if I'm vulnerable to CVE-2026-30906? +
Related Vulnerabilities
There is a defect in the CPython standard library module “mimetypes” where on Windows the default list of known file …
Rufus is a utility that helps format and create bootable USB flash drives. A DLL hijacking vulnerability in Rufus 4.6.2208 …
Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution …
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on enables a locally authenticated non administrative user …
In Seagate Toolkit on Windows a vulnerability exists in the Toolkit Installer prior to versions 2.35.0.6 where it attempts to …
Untrusted Search Path vulnerability in OpenText™ Application Lifecycle Management (ALM),Quality Center allows Code Inclusion. The vulnerability allows a user to …