Skip to content
Tech News
← Back to articles

Zoom warns of critical account takeover vulnerability

read original more articles

Zoom is warning of a critical vulnerability in its desktop client and software development kit for Windows that could be exploited by an unauthenticated party to hijack accounts.

Discovered internally, the security issue is tracked as CVE-2026-53412 and received a severity score of 9.8 out of 10.

In an advisory this week, the messaging platform says that the flaw affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0.

Zoom Workplace, formerly known as Zoom, is a desktop collaboration application for video meetings, group chat, VoIP phone calls, calendar, email, document collaboration, whiteboards, and AI-powered productivity features.

The Windows desktop client is widely deployed and used by millions of individuals and organizations worldwide.

The vendor did not provide any technical details about the flaw in the bulletin, and just described it as an improper input validation issue.

“Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access,” reads the security advisory.

To mitigate the risks stemming from CVE-2026-53412, the company recommends that users apply the latest updates.

Zoom's newest security patches also address the following less severe flaws:

CVE-2026-53410: high-severity TOCTOU (time-of-check to time-of-use) race condition affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. The flaw could allow an authenticated local user to escalate privileges during installation or uninstallation.

... continue reading