Back to overview

CVE-2026-53412

CRITICAL
9.8
CVSS 3.1
Description
Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

Metadata

CVE ID
CVE-2026-53412
State
PUBLISHED
Assigner
Zoom
Reserved
2026-06-09 10:18 UTC
Published
2026-07-16 21:15 UTC
Last updated
2026-07-16 21:15 UTC
Primary CWE
CWE-20
CWE-20 Improper input validation
Vendor / Product
Zoom Communications / Zoom Workplace for Windows
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products (1)
VendorProductPlatformVersions
Zoom Communications Zoom Workplace for Windows Windows 0 < 7.0.0
Weakness (CWE)
CWESourceDescription
CWE-20 cna CWE-20 Improper input validation
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 cna CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Back to overview