• 2 min read
Zoom fixes critical bug with remote account takeover risk
Zoom has patched a critical Windows flaw, CVE-2026-53412, rated 9.8/10, alongside three high-severity bugs in Workplace, VDI, Rooms, and SDK products.

Image: TechRadar
Zoom has patched a critical security flaw in several Windows products that could have allowed attackers to take over accounts remotely.
In a security advisory, the company said the issue was an improper input validation bug affecting:
- Zoom Desktop Client for Windows before version 7.0.0
- Zoom VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18
- Zoom Meeting SDK for Windows before version 7.0.0
The flaw is tracked as CVE-2026-53412 and carries a CVSS score of 9.8/10. Zoom did not disclose technical details on how the vulnerability works, but urged users to update affected software to the latest versions.
The company also fixed several high-severity bugs:

Recommended reading
New deepfake detector tops 95% by reading facial motion
- CVE-2026-53410, a TOCTOU race condition rated 7/10, affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0
- CVE-2026-53409, an improper privilege management flaw affecting Zoom Rooms for Windows before 7.1.0
- CVE-2026-53411, an improper input validation flaw affecting the Zoom Workplace VDI Plugin for Windows before 6.6.14
According to Zoom, all of the vulnerabilities were found internally, and there is no evidence they were exploited in real-world attacks.
Zoom Workplace is the company’s broader collaboration platform, combining video meetings, team chat, phone, email, calendar, scheduling, whiteboards, and other productivity tools as Zoom pushes further against Microsoft 365 and Google Workspace.
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via TechRadar


