Zoom warns of critical account takeover vulnerability
Key Points:
- Zoom has disclosed a critical vulnerability (CVE-2026-53412) in its Windows desktop client and SDK that could allow unauthenticated attackers to hijack user accounts, with a severity score of 9.8 out of 10.
- The flaw affects Zoom Workplace for Windows versions before 7.0.0, Windows VDI Client versions before 7.0.10, 6.6.15, and 6.5.18, and the Meeting SDK for Windows before version 7.0.0.
- The vulnerability stems from improper input validation and could enable account takeover via network access without authentication, according to Zoom's advisory.
- Zoom urges users to update to the latest versions to mitigate this and several other high-severity privilege escalation vulnerabilities fixed in recent patches.
- There are currently no reports of these vulnerabilities being exploited in the wild.