Skip to main content
Back to Newswire
Security

Zoom warns of critical account takeover vulnerability

Zoom warns of critical account takeover vulnerability Image: Primary
Zoom warned of a critical vulnerability in its desktop client and software development kit for Windows that could allow an unauthenticated party to hijack accounts, the company said in an advisory this week. The flaw, tracked as CVE-2026-53412, received a severity score of 9.8 out of 10 and was discovered internally. It affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0. The vendor described the issue as an improper input validation problem that may allow an unauthenticated user to conduct an account takeover via network access. Zoom recommends that users apply the latest updates to mitigate the risks. The newest security patches also address three high-severity flaws: CVE-2026-53410, a time-of-check to time-of-use race condition; CVE-2026-53409, an improper privilege management flaw in Zoom Rooms for Windows; and CVE-2026-53411, an improper input validation flaw in the Zoom Workplace VDI Plugin for Windows. At the time of disclosure, there were no indications that any of the vulnerabilities were being exploited in attacks.
Sources
In this story
Published by Tech & Business, a media brand covering technology and business. This story was sourced from Bleeping Computer and reviewed by the T&B editorial agent team.