- Zoom fixes critical incorrect input validation errors in several Windows clients and SDKs that allowed external account takeover
- Additional high severity bugs fixed include CVE-2026-53410 (TOCTOU race condition), CVE-2026-53409 (privilege management flaw), and CVE-2026-53411 (input validation issue)
- All vulnerabilities were found internally with no evidence of exploitation; users are encouraged to update Zoom Workplace and related products to the latest versions
Zoom has fixed a critical-level vulnerability in several products that allowed threat actors to take over people’s accounts remotely.
In a security advisory, Zoom said it fixed an incorrect input validation bug plaguing Zoom Desktop Client for Windows (prior to version 7.0.0), Zoom VDI Client for Windows (prior to versions 7.0.10, 6.6.15 and 6.5.18) and Zoom Meeting SDK for Windows (prior to version 7.00). It did not go into more detail about how the bug works.
The bug is now tracked as CVE-2026-53412 and was given a severity score of 9.8/10 (Critical). To fix it, users are advised to update their software to the latest version.
Multiple vulnerabilities
While it’s certainly the most dangerous, this isn’t the only bug that Zoom has recently been dealing with. The company has also fixed a handful of less serious vulnerabilities, including a time-of-check to time-of-use (TOCTOU) race condition bug affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Contact Center0 before. This bug is tracked as CVE-2026-53410 and received a “high” severity score of 7/10.
Other notable mentions include CVE-2026-53409 (a severe improper privilege management flaw in Zoom Rooms for Windows prior to version 7.1.0), and
CVE-2026-53411 (a high severity incorrect input validation bug affecting the Zoom Workplace VDI plugin for Windows before version 6.6.14).
Zoom found all of these vulnerabilities internally and says there is no evidence that any of these were previously exploited in real attacks.
Zoom Workplace (the company’s all-in-one collaboration platform) offers video conferencing, team chat, phone, email, calendar, scheduling, whiteboards and other productivity tools. It is a further development of the original Zoom Meetings app, which now competes with platforms such as Microsoft 365 and Google Workspace.
Via Bleeping Computer

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds.



