Open Nav
Sign Up

Zoom Windows Vulnerability Enables Account Takeover (CVE-2026-53412)

cve-2026-53412

Filip Dimitrov

July 16, 2026

Zoom has released security updates for a critical vulnerability affecting Zoom Workplace and Zoom Workplace VDI clients for Windows. Tracked as CVE-2026-53412, the vulnerability could allow an unauthenticated remote attacker to take over a Zoom account through network access.

Zoom assigned the vulnerability a CVSS v3.1 score of 9.8 out of 10, placing it in the Critical severity category. The issue was discovered internally by Zoom Offensive Security and disclosed on July 14, 2026. Zoom updated its security bulletin on July 15 to clarify the affected-product scope.

Organizations using Zoom on Windows should identify vulnerable installations and deploy the appropriate fixed versions as soon as possible.

Vulnerability Overview

CVE-2026-53412 is an improper input validation vulnerability in Zoom’s Windows clients. According to Zoom, an unauthenticated attacker could exploit the issue through network access to conduct an account takeover.

The combination of remote accessibility, no authentication requirement, low complexity, and no user interaction makes CVE-2026-53412 particularly serious for organizations with large Windows Zoom deployments.

Zoom has not disclosed the specific vulnerable component, the type of network traffic required to trigger the flaw, or the technical process through which account takeover occurs. 

Affected Versions

Zoom’s revised security bulletin lists the following products and versions as affected:

  • Zoom Workplace for Windows before version 7.0.0
  • Zoom Workplace VDI Client for Windows 7.0 branch before version 7.0.10
  • Zoom Workplace VDI Client for Windows 6.6 branch before version 6.6.15
  • Zoom Workplace VDI Client for Windows 6.5 branch before version 6.5.18

Zoom initially listed the Zoom Meeting SDK for Windows as affected. However, revision 1.1 of bulletin ZSB-26014, published on July 15, removed the Meeting SDK from the affected-products list. Organizations should use the revised bulletin when determining exposure.

The current advisory only identifies Windows products as affected. Zoom clients for macOS, Linux, Android, and iOS are not listed as vulnerable to CVE-2026-53412.

Mitigation and Remediation

Organizations should take the following actions:

Update Zoom Workplace for Windows
Upgrade standard Windows installations to Zoom Workplace version 7.0.0 or later. Zoom recommends installing the latest available version rather than stopping at the minimum fixed release.

Update Zoom VDI clients
Upgrade each VDI deployment to the fixed version for its respective branch:

  • 7.0.10 or later for the 7.0 branch
  • 6.6.15 or later for the 6.6 branch
  • 6.5.18 or later for the 6.5 branch

Inventory Zoom installations
Search endpoint-management, software-inventory, and vulnerability-management platforms for vulnerable Zoom versions. Include user-installed copies, shared endpoints, persistent and non-persistent virtual desktops, remote-access systems, administrative workstations, and devices that may not regularly connect to corporate management infrastructure.

Prioritize privileged users
Prioritize Zoom administrators, executives, IT personnel, customer-facing teams, meeting hosts, and users with access to sensitive meetings, recordings, integrations, or regulated information.

Additional Zoom Security Fixes

Zoom’s July 2026 security release also addressed three high-severity Windows vulnerabilities:

  • CVE-2026-53410: A TOCTOU race condition that could allow an authenticated local user to escalate privileges during the installation or removal of certain Zoom products.
  • CVE-2026-53409: An improper privilege management vulnerability in Zoom Rooms for Windows that could allow local privilege escalation.
  • CVE-2026-53411: An improper input validation vulnerability in the Zoom Workplace VDI Plugin for Windows that could allow an authenticated local user to escalate privileges.

Organizations should deploy the latest Zoom releases to address these vulnerabilities in addition to CVE-2026-53412.

Stay Safe. Stay Secure

OP Innovate Research Team

Under Cyber Attack?

Fill out the form and we will contact you immediately.