{"id":290315,"date":"2026-07-16T03:37:00","date_gmt":"2026-07-16T07:37:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/16\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug\/"},"modified":"2026-07-16T14:55:11","modified_gmt":"2026-07-16T18:55:11","slug":"zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/16\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug\/","title":{"rendered":"Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/195454\/security\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug.html?amp\">Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/195454\/security\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug.html?amp\">https:\/\/securityaffairs.com\/195454\/security\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug.html?amp<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-16 03:37:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> July 16, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/06\/zoom-logo-999x666-1.jpg?fit=999%2C666&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Zoom warns of a critical Windows flaw, tracked as CVE-2026-53412, that could let attackers take over accounts without authentication.<\/h2>\n<p class=\"wp-block-paragraph\">Zoom has fixed a critical Windows vulnerability, tracked as CVE-2026-53412 (CVSS score of 9.8) that could allow unauthenticated attackers to hijack user accounts. The flaw affects older versions of Workplace, the Windows VDI Client, and the Meeting SDK for Windows. <\/p>\n<p class=\"wp-block-paragraph\">\u201cImproper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.\u201d reads the advisory.<\/p>\n<p class=\"wp-block-paragraph\">The company Offensive Security team discovered the vulnerability. The company did not provide technical details about the vulnerability.<\/p>\n<p class=\"wp-block-paragraph\">The company also addressed the following vulnerabilities:<\/p>\n<ul class=\"wp-block-list\">\n<li><strong>CVE-2026-53410 (CVSS score of 8.8)<\/strong> \u2013 A race condition in Zoom Workplace, VDI Client\/Plugin, Rooms, and Remote Control for Zoom Contact Center on Windows could let an authenticated local user gain higher privileges during installation or uninstallation.<\/li>\n<li><strong>CVE-2026-53409 (CVSS<strong> score of<\/strong> 8.8)<\/strong> \u2013 An improper privilege management flaw in Rooms for Windows could let an authenticated local user escalate privileges.<\/li>\n<li><strong>CVE-2026-53411 (CVSS<strong> score of <\/strong> 8.8)<\/strong> \u2013 An input validation flaw in the Workplace VDI Plugin for Windows could let an authenticated local user gain elevated privileges.<\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">Users should update to the latest versions as soon as possible.<\/p>\n<p class=\"wp-block-paragraph\">None of the above issues is currently under active exploitation in the wild.<\/p>\n<p class=\"wp-block-paragraph\">In January, the Cloud-based video conferencing and online collaboration platform released security updates to address multiple vulnerabilities, including command injection, tracked as CVE-2026-22844 (CVSS score of 9.9), in Node Multimedia Routers (MMRs)&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/195454\/security\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug.html?amp\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug https:\/\/securityaffairs.com\/195454\/security\/zoom-fixes-cve-2026-53412-a-critical-account-takeover-bug.html?amp Publish Date: 2026-07-16 03:37:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":290316,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/06\/zoom-logo-999x666-1.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-290315","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/290315"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=290315"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/290315\/revisions"}],"predecessor-version":[{"id":290317,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/290315\/revisions\/290317"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/290316"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=290315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=290315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=290315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}