Zoom has disclosed CVE-2026-53412, a critical improper input validation flaw in Zoom Workplace for Windows, the Zoom VDI Client, and the Zoom Meeting SDK for Windows that could let an unauthenticated attacker take over accounts over the network. The company has released fixes and says there is no evidence the issue or the other patched flaws are being actively exploited. #Zoom #CVE-2026-53412
Keypoints
- Zoom warned of a critical Windows vulnerability with a 9.8 severity score.
- CVE-2026-53412 could allow unauthenticated account takeover via network access.
- The flaw affects Zoom Workplace for Windows, the Windows VDI Client, and the Meeting SDK for Windows.
- Zoom advises users to install the latest updates to mitigate the risk.
- Additional patches fix three high-severity privilege escalation flaws in Zoom products.