Zoom has released security updates to fix CVE-2026-53412, a critical Improper Input Validation vulnerability affecting its Windows software, which could allow attackers to take over user accounts via network access. The flaw primarily impacts the Zoom Desktop Client and other Windows-based Zoom products, prompting the company to urge users to install the latest updates.
According to Zoom, CVE-2026-53412 carries a CVSS score of 9.8 and is tracked under security bulletin ZSB-26014. The company stated, “Improper Input Validation in Zoom Desktop Client for Windows and Zoom VDI Client for Windows may allow an unauthenticated user to conduct an account takeover via network access.” The vulnerability is rated Critical with the CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
CVE-2026-53412 Affects Zoom Desktop Client for Windows
The Improper Input Validation issue impacts Zoom Workplace for Windows before version 7.0.0 and Zoom Workplace VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18, depending on the software branch. Zoom advised users to remain protected by installing the latest software updates available through its download portal.
The advisory credits Zoom Offensive Security for reporting the vulnerability. It also includes a revision history showing that version 1.0 of the bulletin was published on July 14, 2026, while version 1.1, released on July 15, 2026, removed Meeting SDK for Windows from the list of affected products.
Three Additional High-Severity Vulnerabilities Addressed
Alongside CVE-2026-53412, Zoom resolved three high-severity Windows vulnerabilities.
CVE-2026-53411 received a CVSS score of 7.8 and involves an Improper Input Validation flaw in the Zoom Workplace VDI Plugin for Windows before version 6.6.14. The issue could allow an authenticated local user to escalate privileges.

CVE-2026-53410, with a CVSS score of 7.0, is a time-of-check to time-of-use (TOCTOU) race condition affecting the installation and uninstallation process of certain Zoom Windows clients. The flaw could enable an authenticated local user to gain elevated privileges.
It affects Zoom Workplace for Windows before version 7.0.5, Zoom Workplace VDI Client for Windows before versions 6.5.17 and 6.6.14, Zoom Workplace VDI Plugin for Windows before versions 6.5.17 and 6.6.14, Zoom Rooms for Windows before version 7.0.5, and Remote Control for Zoom Contact Center for Windows before version 7.0.0.
The fourth issue, CVE-2026-53409, carries a CVSS score of 7.8 and is an improper privilege management vulnerability affecting Zoom Rooms for Windows before version 7.1.0. It could allow an authenticated local user to escalate privileges through local access.
At the time of publication, there is no evidence that CVE-2026-53412 or the other disclosed vulnerabilities are being actively exploited in real-world attacks. Nevertheless, Zoom recommends users update affected Windows applications as soon as possible to mitigate potential security risks associated with the Zoom Desktop Client and related software.

