Index  ›  defence  ›  TechRadar
defence · TechRadar ↗

Zoom patches critical security flaw which could have let hackers hijack accounts

TechRadar Published Jul 16, 2026 Reviewed Jul 16, 2026 ✓ Reviewed by citations.press editors
Zoom patched a critical-level vulnerability tracked as CVE-2026-53412 with a severity score of 9.8/10 affecting Zoom Desktop Client for Windows before version 7.0.0, Zoom VDI Client for Windows before versions 7.0.10, 6.6.15, and 6.5.18, and Zoom Meeting SDK for Windows before version 7.0.0.
9.8 /10 · severity score
Zoom patched a high-severity vulnerability tracked as CVE-2026-53410 with a severity score of 7/10 affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0.
7 /10 · severity score
Zoom found all of the vulnerabilities in-house and says there is no evidence that any of these were abused in real-life attacks in the past.

Zoom has patched a critical-level vulnerability in multiple products that allowed threat actors to take over people’s accounts remotely.

In a security advisory, Zoom said it fixed an Improper Input Validation bug plaguing Zoom Desktop Client for Windows (before version 7.0.0), Zoom VDI Client for Windows (before versions 7.0.10, 6.6.15, and 6.5.18), and Zoom Meeting SDK for Windows (before version 7.0.0). It did not go into more details on how the flaw works.

The bug is now tracked as CVE-2026-53412, and was given a severity score of 9.8/10 (critical). To fix it, users are advised to update their software to the newest version.

While certainly the most dangerous one, this is not the only bug Zoom recently addressed. The company also fixed a handful of less severe vulnerabilities, including a time-of-check to time-of-use (TOCTOU) race condition bug affecting Zoom Workplace for Windows before 7.0.5, Zoom Workplace VDI Client and VDI Plugin before 6.5.17/6.6.14, Zoom Rooms for Windows before 7.0.5, and Remote Control for Zoom Contact Center before 7.0.0. This bug is tracked as CVE-2026-53410 and was given a “high” severity score of 7/10.

Other notable mentions include CVE-2026-53409 (a high-severity improper privilege management flaw in Zoom Rooms for Windows before version 7.1.0), and

CVE-2026-53411 (a high-severity improper input validation flaw affecting the Zoom Workplace VDI Plugin for Windows before version 6.6.14).

Zoom found all of these vulnerabilities in-house and says there is no evidence that any of these were abused in real-life attacks in the past.

Zoom Workplace (the company’s all-in-one collaboration platform) offers video meetings, team chat, phone, email, calendar, scheduling, whiteboards, and other productivity tools. It is an evolution of the original Zoom Meetings app which now competes with platforms such as Microsoft 365 and Google Workspace.

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Please logout and then login again, you will then be prompted to enter your display name.

This article was originally published by TechRadar ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error