Skip to main content

Zoom Rooms CVE-2026-53409

| EUVDEUVD-2026-45044 HIGH
Improper Input Validation (CWE-20)
2026-07-16 security@zoom.us GHSA-97jw-3fv7-jf6h
7.8
CVSS 3.1 · Vendor: zoom
Share

Severity by source

Vendor (zoom) PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.8 HIGH

Local privilege escalation by an already-authenticated low-privileged user (AV:L, PR:L, AC:L) yielding full host compromise (C:H/I:H/A:H) with no user interaction and no scope change.

3.1 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (zoom).

CVSS VectorVendor: zoom

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jul 16, 2026 - 23:03 EUVD
Analysis Generated
Jul 16, 2026 - 21:30 vuln.today
CVE Published
Jul 16, 2026 - 21:17 cve.org
HIGH 7.8

DescriptionCVE.org

Improper Privilege Management in Zoom Rooms for Windows before version 7.1.0 may allow an authenticated user to conduct an escalation of privilege via local access.

AnalysisAI

Local privilege escalation in Zoom Rooms for Windows before version 7.1.0 allows an authenticated low-privileged user to elevate to higher privileges via local access, with high impact to confidentiality, integrity, and availability (CVSS 7.8). Zoom's own security team (security@zoom.us) reported the flaw, classified as improper privilege management. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain authenticated local session on host
Delivery
Access over-privileged Zoom Rooms component
Exploit
Abuse improper privilege management
Execution
Escalate to higher privileges
Impact
Full control of Windows host

Vulnerability AssessmentAI

Exploitation Exploitation requires local, authenticated access to a Windows host running Zoom Rooms prior to version 7.1.0 (AV:L, PR:L) - the attacker must already possess a valid low-privileged local account or session. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are moderately concerning but not urgent. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with an ordinary authenticated local account on a Windows machine running a vulnerable Zoom Rooms client (for example, a shared conference-room PC or a lightly restricted kiosk) interacts with a locally exposed, over-privileged Zoom Rooms component to abuse improper privilege management. With low attack complexity and no user interaction required, they escalate to higher privileges and gain full control (C:H/I:H/A:H) of the host. …
Remediation Vendor-released patch: upgrade Zoom Rooms for Windows to version 7.1.0 or later, which resolves the improper privilege management issue per Zoom security bulletin ZSB-26011 (https://www.zoom.com/en/trust/security-bulletin/zsb-26011). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all Zoom Rooms for Windows systems and identify those running versions before 7.1.0; restrict physical access and local administrative account access to essential authorized personnel only. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-53409 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy