Input validation error in Zoom Video Communications, Inc. products - CVE-2026-53412
Published: July 14, 2026
Vulnerability identifier: #VU137494
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2026-53412
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Workplace VDI Plugin for Windows
Zoom Meeting SDK for Windows
Zoom Workplace Desktop App for Windows
Zoom Workplace VDI Plugin for Windows
Zoom Meeting SDK for Windows
Zoom Workplace Desktop App for Windows
Detailed vulnerability description
The vulnerability allows a remote attacker to conduct an account takeover.
The vulnerability exists due to improper input validation in Zoom Meeting SDK for Windows when handling network requests. A remote attacker can send crafted input to conduct an account takeover.
How to mitigate CVE-2026-53412
Install security update from vendor's website.