- Zoom fixes a critical improper input validation flaw in multiple Windows clients and SDKs that allowed remote account takeover
- Additional high severity bugs fixed include CVE‑2026‑53410 (TOCTOU race condition), CVE‑2026‑53409 (privilege management flaw), and CVE‑2026‑53411 (input validation issue).
- All vulnerabilities were found internally, with no evidence of exploitation; users are advised to update Zoom Workplace and related products to the latest versions
Zoom fixed a critical-level vulnerability in multiple products that allowed malicious actors to take control of people’s accounts remotely.
In a security advisory, Zoom said it fixed an improper input validation bug affecting Zoom Desktop Client for Windows (before version 7.0.0), Zoom VDI Client for Windows (before versions 7.0.10, 6.6.15, and 6.5.18), and Zoom Meeting SDK for Windows (before version 7.0.0). He did not go into further detail on how the flaw works.
The bug is now tracked as CVE-2026-53412 and has received a severity score of 9.8/10 (critical). To resolve this issue, users are advised to update their software to the latest version.
More vulnerabilities
While it’s certainly the most dangerous, it’s not the only bug Zoom has recently fixed. The company also fixed a handful of less serious vulnerabilities, including a time-of-check-time-of-use (TOCTOU) race condition bug affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plug-in before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. This bug is tracked as CVE-2026-53410 and received a “high” severity score of 7/10.
Other notable mentions include CVE-2026-53409 (a high-severity improper privilege handling flaw in Zoom Rooms for Windows before version 7.1.0) and
CVE-2026-53411 (high severity improper input validation vulnerability affecting the Zoom Workplace VDI plugin for Windows before 6.6.14).
Zoom found all of these vulnerabilities internally and says there is no evidence that any of them have been exploited in real attacks in the past.
Zoom Workplace (the company’s all-in-one collaboration platform) offers video meetings, team chats, phone calls, email, calendar, scheduling, whiteboards, and other productivity tools. It’s an evolution of the original Zoom Meetings app that now competes with platforms like Microsoft 365 and Google Workspace.
Via BeepComputer

The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.




