Critical Zoom Vulnerability Allows Account Takeover via Network Access

Critical Zoom Vulnerability Allows Account Takeover via Network Access

First seen 16 Jul 2026, 08:06 UTC BleepingcomputerHkcertSecurityaffairs.CoHeise.DeCybersecuritynews+2 87% similarity 75.8

Article Content

Browse articles
ThreatCluster

Zoom has patched a critical vulnerability in its Windows desktop client, tracked as CVE-2026-53412, which allows unauthenticated attackers to take over accounts via network access. This flaw, resulting from improper input validation, affects multiple versions of Zoom Workplace, VDI Client, and Meeting SDK for Windows. The vulnerability has a CVSS score of 9.8, indicating a high severity level. Users are advised to update to the latest versions to mitigate the risk. Additional vulnerabilities were also addressed, including privilege escalation issues in other Zoom products. No evidence has been reported of active exploitation of these vulnerabilities at the time of disclosure. Zoom's advisory emphasizes the importance of applying the latest updates promptly.

Key Points: • CVE-2026-53412 allows unauthenticated account takeover via network access. • Affected products include Zoom Workplace and VDI Client for Windows before specific versions. • Users are urged to update their software to mitigate risks from this critical vulnerability.

ThreatCluster AI

Timeline

2026-07-15
Zoom warns of critical vulnerability
Zoom disclosed a critical vulnerability in its Windows desktop client allowing account takeovers by unauthenticated users.
Bleepingcomputer
2026-07-16
Zoom releases security patches
Zoom released updates addressing CVE-2026-53412 and other vulnerabilities, urging users to apply them immediately.
Heise.De
2026-07-16
Multiple vulnerabilities identified in Zoom products
Zoom acknowledged several vulnerabilities, including privilege escalation risks, affecting various Windows versions.
Hkcert

Community

Browse all →