Zoom has released emergency security updates addressing critical vulnerability CVE-2026-53412 with a CVSS score of 9.8 in the Zoom Workplace product line for Windows. The flaw allows an unauthenticated attacker to take over a user account via network access — without any interaction from the victim. The affected products are Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows. In addition to the critical vulnerability, the company has fixed three more high-severity privilege escalation vulnerabilities. All organizations using Zoom on Windows must immediately update their clients to the latest versions.
Critical vulnerability: CVE-2026-53412
According to the Zoom security bulletin (ZSB-26014), the root cause of the vulnerability is Improper Input Validation. Exploitation does not require authentication: an attacker can carry out the attack remotely over the network, which is why the issue received a maximum CVSS score of 9.8. Successful exploitation results in full account takeover.
The vulnerability affects three products:
- Zoom Desktop Client for Windows
- Zoom VDI Client for Windows
- Zoom Meeting SDK for Windows
The combination of factors — no need for authentication, a network attack vector, and a critical impact level — makes this vulnerability a top priority for immediate remediation. The entry in the NVD (CVE-2026-53412) is available for tracking.
Three additional high-severity vulnerabilities
At the same time, Zoom has addressed three vulnerabilities related to local privilege escalation:
CVE-2026-53411 — privilege escalation via VDI Plugin (CVSS 7.8)
An Improper Input Validation vulnerability in the Zoom Workplace VDI Plugin for Windows versions prior to 6.6.14. An authenticated user can escalate privileges via local access. Details are provided in bulletin ZSB-26013.
CVE-2026-53410 — TOCTOU race condition (CVSS 7.0)
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the installation and uninstallation processes of several Zoom clients for Windows. An authenticated local user can exploit the race condition to escalate privileges. According to bulletin ZSB-26012, this vulnerability affects the largest number of products:
- Zoom Workplace for Windows — versions before 7.0.5
- Zoom Workplace VDI Client for Windows — versions before 6.5.17 and 6.6.14 (in the respective branches)
- Zoom Workplace VDI Plugin for Windows — versions before 6.5.17 and 6.6.14 (in the respective branches)
- Zoom Rooms for Windows — versions before 7.0.5
- Remote Control for Zoom Contact Center for Windows — versions before 7.0.0
CVE-2026-53409 — improper privilege management (CVSS 7.8)
A privilege management vulnerability in Zoom Rooms for Windows versions prior to 7.1.0, allowing an authenticated user to escalate privileges via local access. Details are available in bulletin ZSB-26011.
Impact assessment
The critical vulnerability CVE-2026-53412 poses the greatest threat to corporate environments where Zoom Workplace is deployed on a large number of Windows workstations. Account takeover over the network without authentication means that an attacker with network access to a target machine can potentially gain control of a Zoom account — and, through it, access to corporate communications, meeting recordings, and contact data.
The three privilege escalation vulnerabilities (CVE-2026-53411, CVE-2026-53410, CVE-2026-53409) require local access and authentication, which makes them less critical compared to CVE-2026-53412. However, in scenarios where an attacker has already obtained initial access to a system, these vulnerabilities can be used to escalate their attack. Organizations using VDI infrastructure and Zoom Rooms should pay particular attention — these products are often used in shared-access environments.
None of the four vulnerabilities has been added to the CISA KEV catalog, and as of the time the bulletins were published, there were no reports of active exploitation in real-world attacks.
Remediation recommendations
- Immediately update all Zoom clients for Windows to the latest versions: Zoom Workplace to 7.0.5 or later, VDI components to 6.5.17 or 6.6.14 (depending on the branch), Zoom Rooms to 7.1.0, Remote Control for Zoom Contact Center to 7.0.0.
- Take inventory of all Zoom installations in the corporate environment, including VDI plugins and the Meeting SDK, which may be integrated into third-party applications.
- Prioritize CVE-2026-53412 as critical — the CVSS 9.8 score and unauthenticated network vector place it in the highest priority category for patching.
- For organizations that cannot update immediately: restrict network access to machines running vulnerable Zoom versions using network segmentation and firewalls.
- Review logs for signs of anomalous activity related to Zoom accounts — even though no exploitation has been reported so far, public disclosure of vulnerability details increases the likelihood of exploit development.
Given the CVSS score of 9.8 and the possibility of remote exploitation without authentication, updating Zoom clients for Windows to patched versions should be carried out as part of an emergency patch cycle — without waiting for a scheduled maintenance window. The latest versions can be obtained via Zoom’s standard update mechanism or through corporate software management systems.