Zoom Workplace for Windows - Improper Input Validation

  • ZSB-26014
  • CVE-2026-53412
  • Critical
  • 9.8
  • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Improper Input Validation in Zoom Desktop Client for Windows and Zoom VDI Client for Windows may allow an unauthenticated user to conduct an account takeover via network access.

 

Users can help keep themselves secure by applying the latest updates available at https://zoom.us/download.

  • Zoom Workplace for Windows before version 7.0.0
  • Zoom Workplace VDI Client for Windows before version 7.0.10 and 6.6.15 and 6.5.18 in their respective branches

Reported by Zoom Offensive Security

Revision Date Description
1.1 07/15/2026

Removed Meeting SDK for Windows as an affected product.

1.0 07/14/2026

Initial publication.