Back to Feed
VulnerabilitiesJul 16, 2026

Zoom Patches Critical Windows Flaw That Could Enable Account Takeover

Zoom patches critical Windows flaw (CVE-2026-53412, CVSS 9.8) enabling unauthenticated account takeover.

Summary

Zoom released security updates addressing CVE-2026-53412, a critical vulnerability with a CVSS score of 9.8 affecting Zoom Desktop Client, VDI Client, and Meeting SDK for Windows that could allow unauthenticated attackers to conduct account takeover via network access. The patch also addresses three high-severity flaws (CVE-2026-53411, CVE-2026-53410, CVE-2026-53409) related to privilege escalation and race conditions across multiple Zoom products for Windows. No active exploitation has been reported as of the advisory date.

Full text

Zoom Patches Critical Windows Flaw That Could Enable Account Takeover Ravie LakshmananJul 16, 2026Vulnerability / Enterprise Security Zoom has released security updates for a critical security flaw impacting Zoom Workplace for Windows that could facilitate account takeover. The vulnerability, tracked as CVE-2026-53412 (CVSS score: 9.8), affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. "Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access," Zoom said in an advisory released this week. The latest security fixes also address three high-severity flaws - CVE-2026-53411 (CVSS score: 7.8) - An improper input validation vulnerability in the Zoom Workplace VDI Plugin for Windows before version 6.6.14 that may allow an authenticated user to conduct an escalation of privilege via local access. CVE-2026-53410 (CVSS score: 7.0) - A time-of-check to time-of-use (TOCTOU) race condition vulnerability in the installation and uninstallation process of certain Zoom Clients for Windows that could allow an authenticated local user to escalate privileges. CVE-2026-53409 (CVSS score: 7.8) - An improper privilege management vulnerability in Zoom Rooms for Windows before version 7.1.0 that may allow an authenticated user to conduct an escalation of privilege via local access. It's worth noting that CVE-2026-53410 affects the following products - Zoom Workplace for Windows before version 7.0.5 Zoom Workplace VDI Client for Windows before 6.5.17 and 6.6.14 in their respective branch Zoom Workplace VDI plugin for Windows before 6.5.17 and 6.6.14 in their respective branch Zoom Rooms for Windows before 7.0.5 Remote Control for Zoom Contact Center for Windows before version 7.0.0 As of writing, there are no indications that any of the flaws are being exploited in real-world attacks. Users can stay protected by applying the latest updates. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  account takeover, Application Security, endpoint security, enterprise security, privilege escalation, Software Security, Vulnerability, Windows ⚡ Top Stories This Week 16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker Rogue Agent Flaw Could Have Let Attackers Hijack Google Dialogflow CX Chatbots RedWing MaaS Packages Android Bank Fraud as a Telegram Rental Service 15-Year-Old GhostLock Flaw Enables Root and Container Escape on Most Linux Distros GitHub Copilot Refuses Harmful Requests in Chat, Then Writes Them in Code New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware GhostApproval Symlink Flaws Could Let Malicious Repos Run Code in AI Coding Agents Top AI Agents Built to Catch Malicious Code Can Be Tricked Into Running It Meta's New AI Image Tool Lets Others Use Your Public Instagram Photos in AI Images ThreatsDay: Cloud Bucket Hijacking, Windows LPE Chain, Global Fraud Bust + 17 More Stories Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs Attackers Exploit 'Ill Bloom' Vulnerability to Drain Over $5 Million From Cryptocurrency Wallets Unpatched XRING Flaw in XQUIC Lets Remote Clients Crash HTTP/3 Servers Researcher Details WhatsApp-to-Host Attack Chain Using Three OpenClaw Flaws New TrojPix Attack Leaks Data From Air-Gapped Systems via Video Cable Emissions Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices European Parliament Member Investigating Spyware Was Hacked With Pegasus ⭐ Featured Resources What 200+ Security Teams Reveal About Using IP Intelligence in 2026 Get Hands-On SANS Training for Today’s Cyber Defense and Offensive Security Challenges See What’s Really Exposed Across Your IT, OT, IoT, Cloud, and Mobile Assets Get Gartner’s Guide to AI Agent Supervision and Runtime Controls

Indicators of Compromise

  • cve — CVE-2026-53412
  • cve — CVE-2026-53411
  • cve — CVE-2026-53410
  • cve — CVE-2026-53409

Entities

Zoom (vendor)Zoom Desktop Client for Windows (product)Zoom VDI Client for Windows (product)Zoom Meeting SDK for Windows (product)Zoom Rooms for Windows (product)