# Zoom warns of critical account takeover vulnerability

_Wednesday, July 15, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![Zoom warns of critical account takeover vulnerability — Primary](https://www.bleepstatic.com/content/hl-images/2026/07/15/zoom.jpg)

Zoom warned of a critical vulnerability in its desktop client and software development kit for Windows that could allow an unauthenticated party to hijack accounts, the company said in an advisory this week. The flaw, tracked as CVE-2026-53412, received a severity score of 9.8 out of 10 and was discovered internally. It affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0. The vendor described the issue as an improper input validation problem that may allow an unauthenticated user to conduct an account takeover via network access. Zoom recommends that users apply the latest updates to mitigate the risks. The newest security patches also address three high-severity flaws: CVE-2026-53410, a time-of-check to time-of-use race condition; CVE-2026-53409, an improper privilege management flaw in Zoom Rooms for Windows; and CVE-2026-53411, an improper input validation flaw in the Zoom Workplace VDI Plugin for Windows. At the time of disclosure, there were no indications that any of the vulnerabilities were being exploited in attacks.

## Sources

- [Bleeping Computer](https://www.bleepingcomputer.com/news/security/zoom-warns-of-critical-account-takeover-vulnerability/)

---
Canonical: https://techandbusiness.org/newswire/Re13ifrGl4Nvybv6cvRePe
Retrieved: 2026-07-16T01:59:07.243Z
Publisher: Tech & Business (techandbusiness.org)
