CVE-2026-30904 Overview
CVE-2026-30904 is a protection mechanism failure [CWE-693] affecting Zoom Workplace for iOS prior to version 7.0.0. The flaw permits an authenticated user with physical access to the device to obtain limited information that should otherwise be protected by the application's security controls. Exploitation requires both high privileges and physical possession of the target device, which significantly constrains real-world risk. Zoom documented the issue in security bulletin ZSB-26006 and addressed it in version 7.0.0 of Zoom Workplace for iOS.
Critical Impact
An authenticated attacker with physical access to an unlocked iOS device running a vulnerable Zoom Workplace build can disclose limited application information that bypasses an intended protection mechanism.
Affected Products
- Zoom Workplace for iOS versions prior to 7.0.0
- Apple iOS devices running the vulnerable Zoom Workplace client
- Enterprise deployments distributing Zoom Workplace for iOS through MDM
Discovery Timeline
- 2026-05-13 - CVE-2026-30904 published to NVD
- 2026-05-13 - Last updated in NVD database
Technical Details for CVE-2026-30904
Vulnerability Analysis
The vulnerability is classified under [CWE-693] Protection Mechanism Failure. This weakness category covers cases where a product implements a security control but the control does not behave as intended, allowing an attacker to bypass the protection. In Zoom Workplace for iOS, the affected mechanism fails to fully prevent disclosure of information to a local user interacting directly with the device.
The attack vector is physical, meaning the attacker must hold the device to exploit the issue. The attacker must also already be authenticated, which limits the population of potential attackers to legitimate device users, insiders, or someone who has obtained an unlocked device. No user interaction beyond the attacker's own actions is required, and only confidentiality is impacted.
Because the issue is local and physical, network-based exploitation is not possible. The disclosed information is constrained to data accessible through the bypassed protection mechanism rather than full account compromise.
Root Cause
The root cause is an implementation defect in a protection control within Zoom Workplace for iOS that should prevent an authenticated local user from viewing certain protected information. The control either fails to engage in specific UI states or can be circumvented through direct interaction with the application on the device. Zoom has not published low-level technical details beyond the bulletin reference.
Attack Vector
An attacker with physical possession of an unlocked iOS device and an active authenticated Zoom Workplace session interacts with the application to surface information the protection mechanism is supposed to hide. The exploitation does not require code execution, jailbreak, or network access. See the Zoom Security Bulletin ZSB-26006 for vendor details.
Detection Methods for CVE-2026-30904
Indicators of Compromise
- No public indicators of compromise have been published for CVE-2026-30904.
- No exploit code, proof-of-concept, or CISA KEV listing is associated with this CVE.
Detection Strategies
- Inventory iOS endpoints through mobile device management (MDM) and identify any device running Zoom Workplace for iOS below version 7.0.0.
- Correlate application version telemetry with user and device identity to flag accounts authenticated on outdated clients.
- Review physical device handling reports, lost or stolen device tickets, and unattended-device incidents for affected users.
Monitoring Recommendations
- Track Zoom Workplace for iOS client versions on a continuous basis through MDM compliance reporting.
- Alert on devices that remain on pre-7.0.0 builds beyond a defined patch window.
- Monitor Zoom administrative audit logs for sign-in activity from devices that have not yet been upgraded.
How to Mitigate CVE-2026-30904
Immediate Actions Required
- Upgrade Zoom Workplace for iOS to version 7.0.0 or later on every managed and unmanaged device.
- Push the update through MDM as a required application and enforce minimum version policies for Zoom sign-in where supported.
- Enforce iOS device passcodes, biometric unlock, and short auto-lock intervals to reduce exposure from physical access.
Patch Information
Zoom addressed CVE-2026-30904 in Zoom Workplace for iOS version 7.0.0. Administrators should consult the Zoom Security Bulletin ZSB-26006 for the authoritative remediation guidance and verify deployed builds against that bulletin.
Workarounds
- Require device-level encryption and strong passcodes on all iOS endpoints used for Zoom Workplace.
- Restrict shared or kiosk-style use of personal Zoom-authenticated devices until the patch is applied.
- Sign out of Zoom Workplace on devices that cannot be promptly upgraded to version 7.0.0.
# Example MDM compliance check (pseudocode)
# Flag devices running Zoom Workplace for iOS below 7.0.0
mdm query app="us.zoom.videomeetings" \
--platform ios \
--version "<7.0.0" \
--action notify_user_and_admin
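The version check that the Detection Strategies and Monitoring Recommendations lists describe, and that the pseudocode above sketches, as an added worked example. This is illustrative code written for this page, not Zoom's code and not any MDM vendor's API: the inventory records, the field names (device_id, user, platform, bundle_id, version, version_first_seen), the reference date and the 14-day patch window are constructed assumptions; only the bundle identifier is taken from the pseudocode above. It compares versions numerically rather than as strings, correlates each finding with the device and user, and escalates devices that stay on a pre-7.0.0 build past the patch window.

```python
"""Flag iOS devices whose Zoom Workplace client predates the fixed 7.0.0 build.

Added example, not Zoom's code or an MDM product's API. The inventory below is
constructed to resemble a generic MDM application-inventory export; its field
names are assumptions, not a real schema.
"""
from __future__ import annotations

import re
from datetime import date

ZOOM_IOS_BUNDLE = "us.zoom.videomeetings"  # bundle id as used in the page's pseudocode
FIXED_VERSION = (7, 0, 0)                   # first build containing the fix (ZSB-26006)

# major[.minor[.patch]] at the start of the string; trailing build tags are ignored
_VERSION_RE = re.compile(r"^\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int] | None:
    """Return (major, minor, patch) for strings like '6.5.10', '7.0' or
    '7.0.0 (1234)'. Missing components default to 0. Unparsable input returns
    None so callers treat it as unknown rather than silently as compliant."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, patch = (int(g) if g is not None else 0 for g in m.groups())
    return (major, minor, patch)


def is_vulnerable(version_text: str) -> bool | None:
    """True if below 7.0.0, False if at or above, None if the version is unknown.
    A plain string comparison would rank '10.1.0' below '7.0.0', so the tuple
    comparison is what makes this check correct across major versions."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v < FIXED_VERSION


def flag_devices(inventory: list[dict], today: date, patch_window_days: int = 14) -> list[dict]:
    """Correlate app version with device and user identity. Each affected record is
    classified as 'outdated' (still inside the patch window), 'overdue' (beyond
    it, alert-worthy) or 'unknown_version' (telemetry unparsable, needs review)."""
    findings = []
    for rec in inventory:
        if rec["platform"] != "ios" or rec["bundle_id"] != ZOOM_IOS_BUNDLE:
            continue
        vuln = is_vulnerable(rec["version"])
        if vuln is False:
            continue  # 7.0.0 or later: compliant
        if vuln is None:
            status = "unknown_version"
        else:
            days_on_old_build = (today - rec["version_first_seen"]).days
            status = "overdue" if days_on_old_build > patch_window_days else "outdated"
        findings.append({
            "device_id": rec["device_id"],
            "user": rec["user"],
            "version": rec["version"],
            "status": status,
        })
    return findings


# Constructed reference date and sample inventory (not real telemetry)
TODAY = date(2026, 5, 20)
SAMPLE_INVENTORY = [
    {"device_id": "ipad-0001", "user": "alice@example.com", "platform": "ios",
     "bundle_id": ZOOM_IOS_BUNDLE, "version": "6.5.10",
     "version_first_seen": date(2026, 4, 1)},        # 49 days old -> overdue
    {"device_id": "iphone-0002", "user": "bob@example.com", "platform": "ios",
     "bundle_id": ZOOM_IOS_BUNDLE, "version": "7.0.0 (1234)",
     "version_first_seen": date(2026, 5, 15)},       # patched, ignored
    {"device_id": "iphone-0003", "user": "carol@example.com", "platform": "ios",
     "bundle_id": ZOOM_IOS_BUNDLE, "version": "6.9.1",
     "version_first_seen": date(2026, 5, 12)},       # 8 days old -> outdated
    {"device_id": "iphone-0004", "user": "dave@example.com", "platform": "ios",
     "bundle_id": ZOOM_IOS_BUNDLE, "version": "n/a",
     "version_first_seen": date(2026, 5, 1)},        # unparsable -> unknown_version
    {"device_id": "tablet-0005", "user": "erin@example.com", "platform": "android",
     "bundle_id": ZOOM_IOS_BUNDLE, "version": "6.0.0",
     "version_first_seen": date(2026, 3, 1)},        # not iOS, out of scope here
    {"device_id": "iphone-0006", "user": "frank@example.com", "platform": "ios",
     "bundle_id": "com.example.otherapp", "version": "1.0",
     "version_first_seen": date(2026, 3, 1)},        # different app, skipped
]


def report(inventory: list[dict] = SAMPLE_INVENTORY, today: date = TODAY) -> list[dict]:
    """Convenience entry point: run the check over the sample inventory."""
    return flag_devices(inventory, today)


if __name__ == "__main__":
    for f in report():
        print(f"{f['status']:16} {f['device_id']:12} {f['user']:20} {f['version']}")
```

Devices whose version string cannot be parsed are reported rather than dropped, because a missing or malformed version in MDM telemetry is exactly the case where a device could otherwise sit on an old build unnoticed. The patch window threshold is where a team would wire in the alerting described under Monitoring Recommendations.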
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.