Skip to main content

Zoom Workplace For Windows

1 CVEs product

Monthly

CVE-2026-53412 CRITICAL PATCH NEWS Act Now

Account takeover in Zoom's Windows client family - the Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows - lets a remote, unauthenticated attacker seize control of a victim's account by sending crafted input over the network, per Zoom's security bulletin ZSB-26014. The flaw stems from improper input validation (CWE-20) and carries a vendor CVSS of 9.8, reflecting full confidentiality, integrity, and availability impact with no privileges or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated network vector makes it a high-priority patch.

Information Disclosure Microsoft Zoom Workplace For Windows
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Account takeover in Zoom's Windows client family - the Zoom Desktop Client, Zoom VDI Client, and Zoom Meeting SDK for Windows - lets a remote, unauthenticated attacker seize control of a victim's account by sending crafted input over the network, per Zoom's security bulletin ZSB-26014. The flaw stems from improper input validation (CWE-20) and carries a vendor CVSS of 9.8, reflecting full confidentiality, integrity, and availability impact with no privileges or user interaction. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the unauthenticated network vector makes it a high-priority patch.

Information Disclosure Microsoft Zoom Workplace For Windows
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy