Zoom released security updates to fix multiple vulnerabilities across several products, warning that successful exploitation could allow attackers to gain elevated privileges on affected systems. The most prominent issue, CVE-2026-53407 with a CVSS 8.1, is an improper authorization flaw in the handler for a custom URL scheme in Zoom Workplace Mobile Clients.
Affected products include Zoom Workplace for Android and iOS, Zoom Meeting SDK for Android and iOS, and Remote Control for Zoom Contact Center for Windows. Zoom provided fixed versions for the impacted software, and the advisory urges enterprises to deploy the patches as soon as internal testing is complete to reduce exposure.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
1 event from the most recent confirmed update back to the earliest known activity.
On June 10, 2026, Zoom released security updates to remediate multiple vulnerabilities affecting several Zoom products, including issues that could allow elevated privileges. The notice highlighted CVE-2026-53407, an improper authorization flaw in the custom URL scheme handler in Zoom Workplace Mobile Clients, and provided fixed versions for affected products.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
2 references tracked. Mallory keeps watching after this page renders.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.