Zoom patches critical security flaw which could have let hackers hijack accounts
Zoom has patched a critical-level vulnerability in multiple products that allowed threat actors to take over people’s accounts remotely.
In a security advisory, Zoom said it fixed an Improper Input Validation bug plaguing Zoom Desktop Client for Windows (before version 7.0.0), Zoom VDI Client for Windows (before versions 7.0.10, 6.6.15, and 6.5.18), and Zoom Meeting SDK for Windows (before version 7.0.0). It did not go into more details on how the flaw works.
The bug is now tracked as CVE-2026-53412, and was given a severity score of 9.8/10 (critical). To fix it, users are advised to update their software to the newest version.
While certainly the most dangerous one, this is not the only bug Zoom recently addressed. The company also fixed a handful of less severe vulnerabilities, including a time-of-check to time-of-use (TOCTOU) race condition bug affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. This bug is tracked as CVE-2026-53410 and was given a “high” severity score of 7/10.
Other notable mentions include CVE-2026-53409 (a high-severity improper privilege management flaw in Zoom Rooms for Windows before version 7.1.0), and
CVE-2026-53411 (a high-severity improper input validation flaw affecting the Zoom Workplace VDI Plugin for Windows before version 6.6.14).
Zoom found all of these vulnerabilities in-house and says there is no evidence that any of these were abused in real-life attacks in the past.
Zoom Workplace (the company’s all-in-one collaboration platform) offers video meetings, team chat, phone, email, calendar, scheduling, whiteboards, and other productivity tools. It is an evolution of the original Zoom Meetings app which now competes with platforms such as Microsoft 365 and Google Workspace.
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Please logout and then login again, you will then be prompted to enter your display name.
