By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Cybersecurity Beat
Search
  • Home
  • News & Alerts
  • Articles
  • Features
  • Spotlight
  • About
    • Mission
    • Services
    • Contact
Reading: Zoom patches critical Windows flaw that allows account takeover
  • AI
  • Android
  • Authentication
  • Breaches
  • CASB
  • Compliance
  • Cryptography
  • Cyberinsurance
  • EDR
  • IAM
  • Malware
  • Phishing
  • Quantum
  • Ransomware
  • SecOps
  • SIEM
  • SOC
  • Threat Intelligence
  • Vulnerabilities
  • Zero Trust
Cybersecurity BeatCybersecurity Beat
Font ResizerAa
Search
  • News & Alerts
  • Articles
  • Spotlight
  • Features
  • Resources
Follow US
  • About CSB
  • Services
  • Contact
  • Privacy
  • Legal
©2026 CybersecurityBeat. All Rights Reserved.
News & Alerts

Zoom patches critical Windows flaw that allows account takeover

Zoom fixed CVE-2026-53412, a critical account takeover vulnerability with a CVSS score of 9.8 affecting Windows users.

CSBadmin
Last updated: July 18, 2026 1:24 pm
CSBadmin
1 Min Read
Share
SHARE

Zoom has patched CVE-2026-53412, a critical vulnerability with a CVSS score of 9.8 that could allow unauthenticated attackers to take over user accounts on Windows systems. The flaw stems from improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows.

Zoom’s Offensive Security team discovered the vulnerability. The company declined to release detailed technical information about the exploit mechanism while users deploy patches. The issue affects older versions of Zoom Workplace, the Windows VDI Client, and the Meeting SDK for Windows.

Alongside the critical bug, Zoom addressed three additional high-severity vulnerabilities. CVE-2026-53410 (CVSS 8.8) involves a race condition that could let an authenticated local user gain elevated privileges. CVE-2026-53409 (CVSS 8.8) is an improper privilege management flaw in Rooms for Windows, and CVE-2026-53411 (CVSS 8.8) is an input validation issue in the Workplace VDI Plugin. None of the vulnerabilities are currently under active exploitation.

Users should update to the latest versions as soon as possible.

CSBadmin

The latest in cybersecurity news and updates.

TAGGED:Account TakeoverCVE-2026-53410CVE-2026-53412patchvulnerabilityWindowsZoom
SOURCES:Security AffairsThe Hacker News
Share This Article
Facebook Print
ByCSBadmin
Follow:
The latest in cybersecurity news and updates.
Previous Article Russian hackers use fake Webex and Zoom installers to deliver Starland RAT
Next Article Spirals ransomware encrypts victim networks in under 24 hours

Trending

Spirals ransomware encrypts victim networks in under 24 hours
July 18, 2026
Russian hackers use fake Webex and Zoom installers to deliver Starland RAT
July 18, 2026
New NadMesh botnet hunts exposed AI services for cloud credentials
July 18, 2026
Grok Build uploaded entire Git repositories to xAI cloud storage
July 18, 2026
Claude for Chrome flaw lets rogue extensions read Gmail messages
July 18, 2026

Related Stories

CSBadmin

RabbitMQ flaws could leak OAuth secrets and expose cross-tenant queue metadata

CSBadmin

AWS Unveils Continuum for Automated Code Vulnerability Lifecycle

CSBadmin

Italian Police Dismantle Streaming Piracy App That Stole Legitimate Credentials

CSBadmin

REMUS Malware Operation Shows Rapid Commercial Evolution in Underground Markets

csb-sized
  • About CSB
  • Services
  • Contact
  • Privacy
  • Legal

© 2026 Cybersecurity Beat. All rights reserved.

Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?