Critical Zoom Windows Flient Flaw Lets Attackers Take Over Accounts via Network
Key Takeaways A critical vulnerability, CVE-2026-53412, has been discovered in Zoom’s Windows desktop client and VDI client. The flaw allows unauthenticated attackers to remotely seize control...
Key Takeaways
- A critical vulnerability, CVE-2026-53412, has been discovered in Zoom’s Windows desktop client and VDI client.
- The flaw allows unauthenticated attackers to remotely seize control of user accounts through network access.
- Zoom Workplace for Windows versions prior to 7.0.0 and Zoom Workplace VDI Client for Windows versions prior to 7.0.10, 6.6.15, and 6.5.18 are affected.
- With a CVSS score of 9.8, the vulnerability carries a “critical” severity rating, demanding immediate patching.
- Updates have been released by Zoom to address the issue.
Zoom has issued urgent updates for a severe vulnerability impacting its Windows desktop client, identified as CVE-2026-53412. This critical flaw could enable unauthenticated attackers to remotely compromise user accounts, posing a significant security risk.
Table Of Content
The vulnerability stems from inadequate input validation, potentially allowing malicious actors to perform account takeover attacks over a network connection. As detailed in the ZSB-26014 security bulletin, the issue has been assigned a CVSS score of 9.8, underscoring its high potential for exploitation and impact.
Affected Versions
The flaw affects several versions of Zoom’s Windows-based software. Specifically, Zoom Workplace for Windows versions earlier than 7.0.0 are vulnerable. For the Zoom Workplace VDI Client for Windows, affected versions include those prior to 7.0.10, 6.6.15, and 6.5.18 across their respective supported release branches.
Critical Flaw in Zoom Desktop Client for Windows
Zoom attributes the vulnerability to insufficient validation of input data. While the company has not publicly disclosed the precise technical details of the exploitation method, its advisory confirms that an unauthenticated remote attacker could leverage this weakness to gain control of a user’s account without requiring any prior authentication.
This vulnerability presents a substantial threat to organizations relying on Zoom, particularly those with Windows endpoints exposed to untrusted networks or lacking robust network segmentation. The potential for compromise is heightened by the fact that no user interaction, such as clicking a malicious link or opening a file, is required for successful exploitation.
A successful account takeover could grant attackers unauthorized access to sensitive meeting content, enable impersonation of legitimate users, facilitate changes to account settings, and even pave the way for further social engineering campaigns conducted from authenticated Zoom sessions.
Given the remote, unauthenticated nature of this vulnerability, immediate patching is imperative for all organizations. Zoom credits its Offensive Security team for uncovering this critical flaw. The initial advisory was published on July 14, 2026, and subsequently revised on July 15, 2026, with the revision clarifying that the Zoom Meeting SDK for Windows is not impacted.
What You Should Do
- Immediately identify all systems running vulnerable versions of Zoom Workplace and Zoom VDI Client for Windows.
- Update affected installations to the latest available versions from Zoom’s official download portal without delay.
- Utilize endpoint management tools to verify that all deployed instances are running the patched versions.
- Prioritize patching for devices used by administrators, executives, support staff, and any personnel who frequently access confidential meetings.
- Monitor Zoom accounts for any unusual activity, including unexpected session changes, unauthorized configuration modifications, or suspicious login attempts, following the patch deployment.
Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.



No Comment! Be the first one.