Zoom has released fixes for a critical Windows vulnerability, CVE-2026-53412, that could let an unauthenticated attacker take over user accounts over the network. The flaw, caused by improper input validation and rated CVSS 9.8, affects older versions of Zoom Workplace for Windows and the Zoom VDI Client for Windows; some reports also said the Meeting SDK for Windows was impacted, while a later advisory revision clarified the SDK was not affected. Zoom credited its Offensive Security team with finding the issue and urged customers to quickly identify vulnerable installations and apply patched versions.
The company also fixed three high-severity local privilege escalation bugs—CVE-2026-53409, CVE-2026-53410, and CVE-2026-53411—across multiple Windows components, including Workplace, VDI, Zoom Rooms, and Contact Center-related software. Zoom said it had no evidence of in-the-wild exploitation at the time of disclosure, but advised organizations to update immediately and monitor for suspicious account or session activity following remediation.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
3 events from the most recent confirmed update back to the earliest known activity.
Alongside CVE-2026-53412, Zoom patched CVE-2026-53410, CVE-2026-53409, and CVE-2026-53411, three high-severity Windows vulnerabilities that could enable local authenticated privilege escalation. The issues affected various Zoom Workplace, VDI, Zoom Rooms, and Contact Center components depending on the product branch.
Zoom revised Security Bulletin ZSB-26014 and continued warning users to update immediately for CVE-2026-53412. Across the disclosures, Zoom said its Offensive Security team discovered the flaw and that it had no indication of in-the-wild exploitation.
Zoom published Security Bulletin ZSB-26014 disclosing CVE-2026-53412, a critical improper input validation vulnerability in its Windows products that could allow unauthenticated account takeover via network access. The advisory also accompanied security updates for affected Zoom Workplace and VDI Client versions.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
7 references tracked. Mallory keeps watching after this page renders.
securityweek.com
Open sourcecybersecuritynews.com
Open sourcesecurityaffairs.com
Open sourcethehackernews.com
Open sourcecsoonline.com
Open sourcebleepingcomputer.com
Open sourcezoom.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.