Zoom warns of critical account takeover vulnerability

Zoom warns of critical account takeover vulnerability

Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts.

Discovered internally, the security issue is tracked as CVE-2026-53412 and received a severity score of 9.8 out of 10.

In an advisory this week, the messaging platform says that the flaw affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0.

image

Zoom Workplace, formerly known as Zoom, is a desktop collaboration application for video meetings, group chat, VoIP phone calls, calendar, email, document collaboration, whiteboards, and AI-powered productivity features.

The Windows desktop client is widely deployed and used by millions of individuals and organizations worldwide.

The vendor did not provide any technical details about the flaw in the bulletin, and just described it as an improper input validation issue.

“Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access,” reads the security advisory.

To mitigate the risks stemming from CVE-2026-53412, the company recommends that users apply the latest updates.

Zoom's newest security patches also address the following less severe flaws:

  • CVE-2026-53410: high-severity TOCTOU (time-of-check to time-of-use) race condition affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. The flaw could allow an authenticated local user to escalate privileges during installation or uninstallation.
  • CVE-2026-53409: high-severity improper privilege management flaw affecting Zoom Rooms for Windows before version 7.1.0 that could allow an authenticated user with local access to escalate privileges.
  • CVE-2026-53411: high-severity improper input validation flaw affecting the Zoom Workplace VDI Plugin for Windows before version 6.6.14 that could allow an authenticated user with local access to escalate privileges.

At the time of disclosure, there are no indications that any of the vulnerabilities that Zoom fixed are being exploited in attacks.

Test every layer before attackers do

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper
source: BleepingComputer