Zoom fixes critical security flaw that could have let hackers hijack accounts


  • Zoom fixes critical incorrect input validation errors in several Windows clients and SDKs that allowed external account takeover
  • Additional high severity bugs fixed include CVE-2026-53410 (TOCTOU race condition), CVE-2026-53409 (privilege management flaw), and CVE-2026-53411 (input validation issue)
  • All vulnerabilities were found internally with no evidence of exploitation; users are encouraged to update Zoom Workplace and related products to the latest versions

Zoom has fixed a critical-level vulnerability in several products that allowed threat actors to take over people’s accounts remotely.

In a security advisory, Zoom said it fixed an incorrect input validation bug plaguing Zoom Desktop Client for Windows (prior to version 7.0.0), Zoom VDI Client for Windows (prior to versions 7.0.10, 6.6.15 and 6.5.18) and Zoom Meeting SDK for Windows (prior to version 7.00). It did not go into more detail about how the bug works.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top