CVE-2026-53412 (GCVE-0-2026-53412)

Vulnerability from cvelistv5 – Published: 2026-07-16 21:15 – Updated: 2026-07-17 13:18
VLAI
Title
Zoom Workplace VDI Plugin for Windows - Improper Input Validation
Summary
Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-20 - Improper input validation
Assigner
Impacted products
Date Public
2026-07-14 12:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-53412",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-17T13:18:39.757372Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-17T13:18:46.094Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows"
          ],
          "product": "Zoom Workplace for Windows",
          "vendor": "Zoom Communications",
          "versions": [
            {
              "lessThan": "7.0.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2026-07-14T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access."
            }
          ],
          "value": "Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper input validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-16T21:15:25.664Z",
        "orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
        "shortName": "Zoom"
      },
      "references": [
        {
          "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26014"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Zoom Workplace VDI Plugin for Windows - Improper Input Validation",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351",
    "assignerShortName": "Zoom",
    "cveId": "CVE-2026-53412",
    "datePublished": "2026-07-16T21:15:25.664Z",
    "dateReserved": "2026-06-09T10:18:05.660Z",
    "dateUpdated": "2026-07-17T13:18:46.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53412",
      "date": "2026-07-17",
      "epss": "0.00508",
      "percentile": "0.39952"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53412\",\"sourceIdentifier\":\"security@zoom.us\",\"published\":\"2026-07-16T22:17:31.380\",\"lastModified\":\"2026-07-17T18:08:08.140\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.\"}],\"affected\":[{\"source\":\"security@zoom.us\",\"affectedData\":[{\"vendor\":\"Zoom Communications\",\"product\":\"Zoom Workplace for Windows\",\"defaultStatus\":\"unaffected\",\"platforms\":[\"Windows\"],\"versions\":[{\"version\":\"0\",\"lessThan\":\"7.0.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@zoom.us\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-07-17T13:18:39.757372Z\",\"id\":\"CVE-2026-53412\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"security@zoom.us\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"references\":[{\"url\":\"https://www.zoom.com/en/trust/security-bulletin/zsb-26014\",\"source\":\"security@zoom.us\"}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"Zoom Workplace VDI Plugin for Windows - Improper Input Validation\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Zoom Communications\", \"product\": \"Zoom Workplace for Windows\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"7.0.0\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\"], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-07-14T12:00:00.000Z\", \"references\": [{\"url\": \"https://www.zoom.com/en/trust/security-bulletin/zsb-26014\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Input Validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an account takeover via network access.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20 Improper input validation\"}]}], \"providerMetadata\": {\"orgId\": \"99b9af0d-a833-4a5d-9e2f-8b1324f35351\", \"shortName\": \"Zoom\", \"dateUpdated\": \"2026-07-16T21:15:25.664Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-53412\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-07-17T13:18:39.757372Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-07-17T13:18:42.970Z\"}}]}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-53412\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-16T21:15:25.664Z\", \"dateReserved\": \"2026-06-09T10:18:05.660Z\", \"assignerOrgId\": \"99b9af0d-a833-4a5d-9e2f-8b1324f35351\", \"datePublished\": \"2026-07-16T21:15:25.664Z\", \"assignerShortName\": \"Zoom\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…