Find notable cyber news and cases, enriched with sources, timelines, and signals.

Zoom Workplace Windows improper input validation account takeover security flaw (CVE-2026-53412)

Vulnerability
First reported
Last updated
Happening score
H score 35
2 unique sources, 2 articles

Summary

Hide ▲

Zoom Workplace for Windows and related Windows clients were patched for CVE-2026-53412, a critical improper input validation flaw that could let an unauthenticated attacker take over accounts over the network. The issue affects Zoom Workplace for Windows before 7.0.0, the Windows VDI Client before 7.0.10/6.6.15/6.5.18, and the Meeting SDK for Windows before 7.0.0. Zoom said users should install the latest updates and reported no indications of exploitation in attacks.

Timeline

  1. 15.07.2026 23:16 3 articles · 12h ago

    Zoom warns of critical Windows account takeover flaw

    Initial Disclosure

    Zoom warned that CVE-2026-53412 is a critical improper input validation flaw in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows that may let an unauthenticated user take over accounts via network access. The advisory says the issue affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0, and Zoom recommends applying the latest updates; the company also said there were no indications that the fixed vulnerabilities were being exploited in attacks at the time of disclosure.

    Show sources