Zoom Workplace for Windows - Improper Input Validation

  • ZSB-26014
  • CVE-2026-53412
  • Critical
  • 9.8
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

 

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

  • Zoom Workplace for Windows before version 7.0.0
  • Zoom Workplace VDI Client for Windows before version 7.0.10 and 6.6.15 and 6.5.18 in their respective branches
  • Zoom Meeting SDK for Windows before version 7.0.0

Reported by Zoom Offensive Security

Revision Date Description
1.0 07/14/2026

Initial publication.