Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Zoom Workplace

Source -

CNA

CNA CVEs -

8

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
8Vulnerabilities found
CVE-2026-53408
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-8.1||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 17:57
Updated-12 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications
Product-Zoom Workplace
CWE ID-CWE-939
Improper Authorization in Handler for Custom URL Scheme
CVE-2026-53407
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-8.1||HIGH
EPSS-Not Assigned
Published-12 Jun, 2026 | 17:56
Updated-12 Jun, 2026 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications
Product-Zoom Workplace
CWE ID-CWE-939
Improper Authorization in Handler for Custom URL Scheme
CVE-2026-30904
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-1.8||LOW
EPSS-0.02% / 5.62%
||
7 Day CHG~0.00%
Published-13 May, 2026 | 17:53
Updated-03 Jun, 2026 | 01:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.

Action-Not Available
Vendor-Zoom CommunicationsZoom Communications, Inc.
Product-workplaceZoom Workplace
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-30903
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.10% / 28.01%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 14:52
Updated-14 May, 2026 | 20:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

External Control of File Name or Path in the Mail feature of Zoom Workplace for Windows before 6.6.0 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom CommunicationsZoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CWE ID-CWE-73
External Control of File Name or Path
CVE-2026-30902
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 4.81%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 14:50
Updated-14 May, 2026 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows - Improper Privilege Management

Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructureworkplace_desktopZoom Workplace
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-30900
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 5.57%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 14:44
Updated-14 May, 2026 | 21:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Clients for Windows - Improper Check

Improper Check of minimum version in update functionality of certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kitworkplace_virtual_desktop_infrastructureZoom Workplace
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2025-62484
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-8.1||HIGH
EPSS-0.10% / 27.76%
||
7 Day CHG+0.01%
Published-13 Nov, 2025 | 15:07
Updated-26 Feb, 2026 | 16:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Clients - Inefficient Regular Expression Complexity

Inefficient regular expression complexity in certain Zoom Workplace Clients before version 6.5.10 may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplacemeeting_software_development_kitZoom Workplace
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2025-62482
Assigner-Zoom Communications, Inc.
ShareView Details
Assigner-Zoom Communications, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 24.94%
||
7 Day CHG+0.01%
Published-Not Available
Updated-13 Jan, 2026 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting in Zoom Workplace for Windows before version 6.5.10 may allow an unauthenticated user to impact integrity via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')