Critical Zoom Vulnerability Allows Unauthenticated Account Takeover

Critical Zoom Vulnerability Allows Unauthenticated Account Takeover

First seen 16 Jul 2026, 08:06 UTC BleepingcomputerThehackernewsSecurityaffairs.CoSecurityaffairsHkcert+10 89% similarity 72.8

Article Content

Browse articles
ThreatCluster

Zoom has patched a critical vulnerability (CVE-2026-53412) in its Windows desktop client and VDI software that could allow unauthenticated attackers to take over user accounts via network access. The flaw, rated 9.8 out of 10 on the CVSS scale, stems from improper input validation and affects multiple versions of Zoom Workplace and the VDI Client for Windows. Users are urged to update immediately to mitigate potential exploitation, as the vulnerability could lead to unauthorized access to sensitive meetings and data. No evidence of active exploitation has been reported, but the nature of the vulnerability poses significant risks to enterprises using Zoom for collaboration. Additional vulnerabilities were also patched in this update, including privilege escalation issues. The security advisory emphasizes the urgency for organizations to apply the latest updates without delay.

Key Points: • CVE-2026-53412 allows unauthenticated account takeover via network access. • Zoom's vulnerability has a CVSS score of 9.8, indicating critical severity. • Users must update to the latest versions of affected Zoom products immediately.

ThreatCluster AI

Timeline

2026-01-20
CVE-2026-22844 published
Vulnerability assigned a CVE identifier and published in the National Vulnerability Database.
MITRE
2026-07-14
Zoom discloses critical vulnerability
Zoom identifies CVE-2026-53412, allowing unauthenticated account takeover via network access, affecting multiple Windows products.
Gbhackers
2026-07-15
Zoom issues security bulletin
Zoom releases a security bulletin detailing the critical vulnerability and urges users to apply patches.
BleepingComputer
2026-07-16
Zoom patches vulnerabilities
Zoom releases updates to fix CVE-2026-53412 and additional high-severity vulnerabilities affecting Windows clients.
Csoonline

Community

Browse all →