- Zoom fixes critical incorrect input validation flaw in multiple clients and Windows SDK that allowed remote account takeover
- Other high severity bugs fixed include CVE-2026-53410 (TOCTOU race condition), CVE-2026-53409 (privilege management flaw), and CVE-2026-53411 (input validation issue).
- All vulnerabilities were found internally, with no evidence of exploitation; Users are urged to update Zoom Workplace and related products to the latest versions.
Zoom has fixed a critical-level vulnerability in multiple products that allowed threat actors to take over people’s accounts remotely.
In a security advisory, Zoom said it fixed an incorrect input validation bug affecting Zoom Desktop Client for Windows (before version 7.0.0), Zoom VDI Client for Windows (before versions 7.0.10, 6.6.15, and 6.5.18), and Zoom Meeting SDK for Windows (before version 7.0.0). He did not go into further detail about how the glitch works.
The bug is now tracked as CVE-2026-53412 and has been assigned a severity score of 9.8/10 (critical). To fix this, users are advised to update their software to the latest version.
More vulnerabilities
While it is undoubtedly the most dangerous, this is not the only bug that Zoom has recently fixed. The company also fixed a handful of less serious vulnerabilities, including a time-of-check-to-use (TOCTOU) race condition bug affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. This bug is tracked as CVE-2026-53410 and was assigned a “high” severity score of 7/10.
Other notable mentions include CVE-2026-53409 (a high-severity improper privilege management flaw in Zoom Rooms for Windows before version 7.1.0) and
CVE-2026-53411 (a high severity incorrect input validation flaw affecting the Zoom Workplace VDI plugin for Windows before version 6.6.14).
Zoom found all of these vulnerabilities internally and says there is no evidence that any of them have been abused in real-life attacks in the past.
Zoom Workplace (the company’s all-in-one collaboration platform) offers video conferencing, team chat, phone, email, calendar, scheduling, whiteboards, and other productivity tools. It’s an evolution of the original Zoom Meetings app that now competes with platforms like Microsoft 365 and Google Workspace.
Through beepcomputer

The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.




