Zoom Workplace Mobile Clients - Improper Authorization in Handler for Custom URL Scheme

Bulletin: ZSB-26010
CVEID: CVE-2026-53407, CVE-2026-53408
CVSS Severity: High
CVSS Score: 8.1
CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description:

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

Affected Products:

Zoom Workplace for Android before version 7.0.4
Zoom Workplace for iOS before version 7.0.3
Zoom Meeting SDK for Android before version 7.0.4
Zoom Meeting SDK for iOS before version 7.0.3

Source:

Reported by Dimitrios Valsamaras

Revision	Date	Description
1.0	06/09/2026	Initial publication.

Zoom Workplace Mobile Clients - Improper Authorization in Handler for Custom URL Scheme

Subscribe for updates