Improper input validation in Zoom Communications Workplace For Windows

CVE-2026-53412

Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2026-53412?
CVE-2026-53412 is a critical-severity vulnerability in Zoom Communications Workplace For Windows, classified under Improper Input Validation. CVSS score: 9.8/10. Published 2026-07-16.
How severe is CVE-2026-53412?
Critical severity. CVSS v3 base score is 9.8 out of 10.