Zoom Clients for Windows - Race Condition

  • ZSB-26012
  • CVE-2026-53410
  • High
  • 7
  • https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

A time-of-check to time-of-use (TOCTOU) race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges.

 

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

  • Zoom Workplace for Windows before version 7.0.5
  • Zoom Workplace VDI Client for Windows before 6.5.17 and 6.6.14 in their respective branch
  • Zoom Workplace VDI plugin for Windows before 6.5.17 and 6.6.14 in their respective branch
  • Zoom Rooms for Windows before 7.0.5
  • Remote Control for Zoom Contact Center for Windows before version 7.0.0

Reported by sim0nsecurity

Revision Date Description
1.0 07/14/2026

Initial publication.