Critical Zoom Vulnerability Puts Windows Accounts at Risk of Takeover
A critical vulnerability, tracked as **CVE-2026-53412**, has been discovered in **Zoom Workplace** for Windows, **Zoom VDI Client for Windows**, and **Zoom Meeting SDK for Windows**. This flaw could enable unauthenticated attackers to remotely hijack user accounts. Users are urged to update their software immediately to mitigate the risk.

**Zoom** has issued a stark warning regarding a critical security vulnerability in its desktop client and software development kit (SDK) for Windows. The flaw, designated **CVE-2026-53412**, carries a severe CVSS score of 9.8 out of 10, indicating a high potential for exploitation.
### Unauthenticated Account Takeover Threat
The vulnerability, discovered internally by **Zoom**, is described as an improper input validation issue. This could allow an unauthenticated attacker to conduct an account takeover via network access, impacting millions of users globally.
### Affected Versions
The security advisory specifies that the flaw affects:
* **Zoom Workplace** for Windows before version 7.0.0
* **Zoom VDI Client** for Windows before versions 7.0.10, 6.6.15, and 6.5.18
* **Zoom Meeting SDK** for Windows before version 7.0.0
**Zoom Workplace**, the company's comprehensive collaboration application, integrates video meetings, chat, VoIP calls, and other productivity features, making this vulnerability particularly concerning due to its widespread deployment.
### Mitigation: Update Immediately
To safeguard against potential exploitation, **Zoom** strongly recommends that all users apply the latest updates. The company has released patches to address **CVE-2026-53412** and several other less severe vulnerabilities.
### Additional Patched Vulnerabilities
Alongside the critical account takeover flaw, **Zoom** has also addressed several high-severity issues:
* **CVE-2026-53410**: A high-severity Time-of-Check to Time-of-Use (TOCTOU) race condition affecting various **Zoom** products. This flaw could allow an authenticated local user to escalate privileges during installation or uninstallation.
* **CVE-2026-53409**: A high-severity improper privilege management flaw in **Zoom Rooms** for Windows before version 7.1.0, potentially allowing an authenticated user with local access to escalate privileges.
* **CVE-2026-53411**: Another high-severity improper input validation flaw in the **Zoom Workplace VDI Plugin** for Windows before version 6.6.14, which could also lead to privilege escalation for authenticated local users.
At the time of disclosure, there are no reported instances of these vulnerabilities being actively exploited in the wild. However, prompt patching is crucial to prevent future attacks.