TL;DR
Zoom has patched four flaws across its Windows products. The most severe Zoom vulnerability, CVE-2026-53412 (CVSS 9.8), allows an unauthenticated user to perform an account takeover over the network. Three other bugs enable local privilege escalation. Zoom has not reported in-the-wild exploitation or public proof-of-concept code for any of them.
Why It Matters
Zoom sits on millions of corporate desktops, so client flaws reach a wide audience. A network-reachable account takeover needs no credentials and no user interaction. Consequently, CVE-2026-53412 poses the sharpest risk in this batch. The three privilege escalation bugs matter too, since attackers chain them after gaining a foothold.
How the Attacks Work
CVE-2026-53412: Account Takeover (CVSS 9.8)
Improper input validation affects the Zoom Desktop Client, VDI Client, and Meeting SDK for Windows. The gap lets an unauthenticated attacker take over an account across the network.
Three Local Privilege Escalation Flaws
CVE-2026-53411 (CVSS 7.8) stems from improper input validation in the Workplace VDI Plugin. Meanwhile, CVE-2026-53409 (CVSS 7.8) involves improper privilege management in Zoom Rooms. Rounding out the set, CVE-2026-53410 (CVSS 7.0) is a time-of-check to time-of-use race condition during install and uninstall. Each requires an authenticated local user.
Affected Versions
The account takeover flaw hits Zoom Workplace for Windows before 7.0.0, the VDI Client before 7.0.10, 6.6.15, and 6.5.18 in their branches, and the Meeting SDK before 7.0.0. The race condition affects Workplace before 7.0.5, VDI Client and plugin before 6.5.17 and 6.6.14, Zoom Rooms before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. Separately, the VDI Plugin flaw affects builds before 6.6.14, and the Zoom Rooms flaw affects versions before 7.1.0.
Patch and Mitigation Steps
Update every affected Zoom product to the fixed version listed above. Home users should grab the latest builds from Zoom’s download page. Administrators, meanwhile, should push updates through managed deployment and confirm VDI plugin and client versions match.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.