• 2 min read
Zoom flags critical Windows flaw tied to account takeover
Zoom says a critical Windows client and SDK bug, CVE-2026-53412, could let an unauthenticated attacker hijack accounts over a network.

Image: BleepingComputer
Zoom has disclosed a critical Windows vulnerability that could let an unauthenticated attacker take over accounts via network access. The issue, tracked as CVE-2026-53412, carries a CVSS score of 9.8 out of 10.
According to Zoom’s advisory, the flaw is an improper input validation bug affecting:
- Zoom Workplace for Windows before 7.0.0
- Windows VDI Client before 7.0.10, 6.6.15, and 6.5.18
- Meeting SDK for Windows before 7.0.0
Zoom said the vulnerability was discovered internally but did not publish technical details. The company only described the bug in broad terms in its bulletin.
“Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access,”
The company urged users to install the latest updates. Zoom Workplace, formerly known as Zoom, is the company’s desktop collaboration app for video meetings, group chat, VoIP calls, calendar, email, document collaboration, whiteboards, and AI-powered productivity features, and its Windows client is used by millions of people and organizations.
Zoom also patched three high-severity Windows flaws:

Recommended reading
Suno hack exposed how much music it scraped
- CVE-2026-53410: a TOCTOU race condition affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. It could let an authenticated local user escalate privileges during installation or uninstallation.
- CVE-2026-53409: an improper privilege management flaw affecting Zoom Rooms for Windows before 7.1.0 that could let an authenticated user with local access escalate privileges.
- CVE-2026-53411: an improper input validation flaw affecting the Zoom Workplace VDI Plugin for Windows before 6.6.14 that could let an authenticated user with local access escalate privileges.
At the time of disclosure, Zoom said there were no indications that any of the patched vulnerabilities were being exploited in attacks.
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via BleepingComputer


