Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000009

[Content Description]
Zoom recently released a major cybersecurity advisory (CVE-2026-30903, CVSS: 9.6) for the Windows version of Zoom Workplace. This vulnerability exists in the email function, and because file names or paths can be controlled externally, it could allow unauthenticated attackers to access the system and escalate privileges over the network.

[Affected Platforms]
Zoom Workplace for Windows versions prior to 6.6.0
Zoom Workplace VDI Client for Windows versions prior to 6.4.17, 6.515, and 6.6.10

[Recommended Actions]
Patch according to the solutions released on the official website: https://www.zoom.com/en/trust/security-bulletin/zsb-26005/

[References]
1. https://www.twcert.org.tw/tw/cp-169-10758-31469-1.html