Zoom fixes critical security flaw that could have allowed hackers to hijack accounts


  • Zoom fixes a critical improper input validation flaw in multiple Windows clients and SDKs that allowed remote account takeover
  • Additional high severity bugs fixed include CVE‑2026‑53410 (TOCTOU race condition), CVE‑2026‑53409 (privilege management flaw), and CVE‑2026‑53411 (input validation issue).
  • All vulnerabilities were found internally, with no evidence of exploitation; users are advised to update Zoom Workplace and related products to the latest versions

Zoom fixed a critical-level vulnerability in multiple products that allowed malicious actors to take control of people’s accounts remotely.

In a security advisory, Zoom said it fixed an improper input validation bug affecting Zoom Desktop Client for Windows (before version 7.0.0), Zoom VDI Client for Windows (before versions 7.0.10, 6.6.15, and 6.5.18), and Zoom Meeting SDK for Windows (before version 7.0.0). He did not go into further detail on how the flaw works.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top