• 2 min read
Zoom fixes critical Windows flaw tied to account takeover
Zoom patched CVE-2026-53412, a critical Windows bug rated 9.8/10 that could allow remote account takeover. Several other high-severity flaws were fixed too.

Image: TechRadar
Zoom has patched a critical vulnerability in several Windows products that could have let attackers remotely take over user accounts. The flaw, tracked as CVE-2026-53412, is an improper input validation bug with a 9.8/10 severity rating.
According to Zoom’s security advisory, the issue affected:
- Zoom Desktop Client for Windows before version 7.0.0
- Zoom VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18
- Zoom Meeting SDK for Windows before version 7.0.0
Zoom did not provide technical details on how the bug works, but urged users to update to the latest versions.
The company also fixed several high-severity issues. Those include CVE-2026-53410, a time-of-check to time-of-use (TOCTOU) race condition rated 7/10, affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0.

Recommended reading
One in six PCs still run Windows 10
Also patched were CVE-2026-53409, an improper privilege management flaw in Zoom Rooms for Windows before version 7.1.0, and CVE-2026-53411, another improper input validation issue affecting the Zoom Workplace VDI Plugin for Windows before version 6.6.14.
Zoom said all of the vulnerabilities were found internally and that there is no evidence of exploitation in real-world attacks so far.
Zoom Workplace, the company’s broader collaboration suite, bundles video meetings, team chat, phone, email, calendar, scheduling, whiteboards, and other productivity tools as Zoom pushes beyond its original meetings app and competes with Microsoft 365 and Google Workspace.
Via BleepingComputer
Security Editor
Sophia unpacks the invisible wars happening on our networks. Covering cybersecurity, privacy legislation, and cryptography, she exposes how our data is weaponized and defended. Before joining for(geeks), she spent years as a penetration tester. She's the reason the rest of the team uses physical security keys.
via TechRadar


