Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated remote low-complexity account takeover gives C:H/I:H and PR:N/UI:N; A set to N since account takeover impacts confidentiality and integrity, not availability as described.
Primary rating from Vendor (Zoom).
CVSS VectorVendor: Zoom
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.
AnalysisAI
Account takeover in Zoom's Windows client family - the Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows - lets a remote, unauthenticated attacker seize control of a victim's account by sending crafted input over the network, per Zoom's security bulletin ZSB-26014. The flaw stems from improper input validation (CWE-20) and carries a vendor CVSS of 9.8, reflecting full confidentiality, integrity, and availability impact with no privileges or user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Per the CVSS vector (AV:N/AC:L/PR:N/UI:N), exploitation requires no authentication and no user interaction - an unauthenticated attacker with network access to a Windows Zoom Desktop Client, VDI Client, or an application built on the Zoom Meeting SDK for Windows can trigger it. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 9.8) signals a worst-case profile: remote, low-complexity, unauthenticated, no user interaction, with full triad impact - precisely the pattern that warrants urgent remediation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote attacker sends specially crafted, malformed input to a targeted Zoom Windows client or an application embedding the Meeting SDK, abusing the missing input validation to manipulate authentication or session handling and take over the associated account without any credentials or user interaction. Given AV:N/AC:L, the attacker needs only network reachability to the client and no local access. … |
| Remediation | Apply the update referenced in Zoom's advisory - Patch available per vendor advisory (ZSB-26014, https://www.zoom.com/en/trust/security-bulletin/zsb-26014); the input data does not include an exact fixed version number, so consult the bulletin for the specific patched build and upgrade the Zoom Desktop Client, VDI Client, and Meeting SDK for Windows to it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all Windows Zoom users in your organization and alert them to monitor for unauthorized account access or suspicious meeting activity, then enable detailed logging on all Zoom accounts to capture potential compromise attempts. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-20 – Improper Input Validation
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-45048
GHSA-xq34-4qgv-ggmc