Main Vulnerability Database SB2026051256

SB2026051256 - Information disclosure in Zoom Workplace for iOS

Published: May 12, 2026

Security Bulletin ID SB2026051256

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Protection Mechanism Failure (CVE-ID: CVE-2026-30904)

CWE-ID: CWE-693 - Protection Mechanism Failure

CVSSv4: CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows an attacker with physical access to disclose sensitive information.

The vulnerability exists due to protection mechanism failure in Zoom Workplace App for iOS when handling local application data on a physically accessible device. An attacker with physical access can access the device to disclose sensitive information.

Remediation

Install update from vendor's website.

References

https://www.zoom.com/en/trust/security-bulletin/ZSB-26006/