Zoom has released security updates to address a critical vulnerability in its Windows client that could allow unauthorized account takeovers. Identified as CVE-2026-53412 with a CVSS score of 9.8, this flaw affects the Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.
The issue stems from improper input validation, which could enable an unauthenticated attacker to gain control over user accounts via network access. To mitigate this risk, Zoom has issued patches for the affected products.
In addition to this critical flaw, Zoom has addressed three high-severity vulnerabilities:
- CVE-2026-53411 (CVSS score: 7.8): An input validation issue in the Zoom Workplace VDI Plugin for Windows, prior to version 6.6.14, that may allow authenticated users to escalate privileges through local access.
- CVE-2026-53410 (CVSS score: 7.0): A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation processes of certain Zoom Clients for Windows, potentially enabling local privilege escalation by authenticated users.
- CVE-2026-53409 (CVSS score: 7.8): A privilege management flaw in Zoom Rooms for Windows, before version 7.1.0, that could allow authenticated users to escalate privileges via local access.
Notably, CVE-2026-53410 affects multiple products, including:
- Zoom Workplace for Windows versions before 7.0.5
- Zoom Workplace VDI Client for Windows versions before 6.5.17 and 6.6.14 in their respective branches
- Zoom Workplace VDI Plugin for Windows versions before 6.5.17 and 6.6.14 in their respective branches
- Zoom Rooms for Windows versions before 7.0.5
- Remote Control for Zoom Contact Center for Windows versions before 7.0.0
As of now, there are no reports of these vulnerabilities being exploited in the wild. However, users are strongly advised to update their Zoom applications to the latest versions to ensure protection against potential threats.
Given the widespread use of Zoom in both personal and professional settings, timely application of these security patches is crucial. Organizations should prioritize these updates to maintain the integrity and security of their communication platforms.