Zoom Workplace Windows improper input validation account takeover security flaw (CVE-2026-53412)
Vulnerability
Summary
Hide ▲
Show ▼
Zoom Workplace for Windows and related Windows clients were patched for CVE-2026-53412, a critical improper input validation flaw that could let an unauthenticated attacker take over accounts over the network. The issue affects Zoom Workplace for Windows before 7.0.0, the Windows VDI Client before 7.0.10/6.6.15/6.5.18, and the Meeting SDK for Windows before 7.0.0. Zoom said users should install the latest updates and reported no indications of exploitation in attacks.
Timeline
-
15.07.2026 23:16 3 articles · 12h ago
Zoom warns of critical Windows account takeover flaw
Initial DisclosureZoom warned that CVE-2026-53412 is a critical improper input validation flaw in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows that may let an unauthenticated user take over accounts via network access. The advisory says the issue affects Zoom Workplace for Windows before version 7.0.0, the Windows VDI Client before versions 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0, and Zoom recommends applying the latest updates; the company also said there were no indications that the fixed vulnerabilities were being exploited in attacks at the time of disclosure.
Show sources
- Zoom warns of critical account takeover vulnerability — www.bleepingcomputer.com — 15.07.2026 23:16
- Zoom warns of critical account takeover vulnerability — www.bleepingcomputer.com — 15.07.2026 23:16
- Zoom Patches Critical Windows Flaw That Could Enable Account Takeover — thehackernews.com — 16.07.2026 10:22