01
CriticalPatchedZoom for Windows
Zoom patches a CVSS 9.8 flaw that lets an unauthenticated attacker take over a Windows account over the network
No credentials, no user interaction, no special conditions. The attacker needs network access to a vulnerable Zoom client and nothing else. Update to Zoom Workplace 7.0.0 on Windows. No exploitation has been confirmed in the wild yet.
CVECVE-2026-53412
CVSS9.8
Fixed inZoom Workplace
Windows 7.0.0
Windows 7.0.0
ExploitedNot confirmed
What happened
Zoom published security bulletin ZSB-26014 disclosing CVE-2026-53412, a critical improper input validation flaw in the Zoom Desktop Client for Windows, the Zoom VDI Client for Windows, and the Zoom Meeting SDK for Windows. The flaw allows an unauthenticated attacker to take over a Zoom account via network access. The CVSS vector requires no prior privileges, no user interaction, and no special conditions beyond network reach. Zoom's own offensive security team discovered the vulnerability. No technical details about how the takeover is achieved have been published. The fix is in Zoom Workplace for Windows 7.0.0, Zoom Meeting SDK for Windows 7.0.0, and various VDI Client branch updates. The same release patches three additional high-severity flaws covering privilege escalation during installation and local access scenarios. None of the four vulnerabilities have confirmed in-the-wild exploitation as of today.
Why it matters
A successful Zoom account takeover gives an attacker access to archived chat history, shared files, cloud recordings, and any SSO connections that tie the Zoom account to broader corporate identity infrastructure. Zoom is one of the most widely installed enterprise applications on Windows desktops. Clients managed by end users rather than centrally pushed updates are the biggest risk: in most organizations, a significant portion of the fleet will be running an older version for weeks after a patch ships.
Don't miss
Zoom does not force client updates. Users running older versions remain exposed until they update manually or an administrator pushes the update through MDM or endpoint management tooling. This is not an unusual gap, but a CVSS 9.8 account takeover with no exploitation confirmed yet is a narrow window to close proactively before proof-of-concept code appears. The absence of published technical details does not mean the attack is difficult to reverse-engineer from the patch diff.
Potential actions
- Push Zoom Workplace for Windows 7.0.0 to all managed endpoints immediately through MDM, Intune, SCCM, or your endpoint management tool. Do not rely on users to self-update for a CVSS 9.8 flaw.
- Check deployed versions across your fleet before assuming the update has landed. Zoom version reporting is available through endpoint management platforms and should be queried within 24 hours to confirm coverage.
The Sip
Unauthenticated account takeover, CVSS 9.8, no exploitation confirmed yet. That last part is the opportunity. The patch is available. The window between patch publication and the first working exploit is measured in days, not weeks. Push the update now rather than after proof-of-concept code surfaces.