Overview
- Zoom published updates that fix a critical unauthenticated remote account-takeover flaw (CVE-2026-53412) that could let an attacker on the network take over Zoom accounts without logging in.
- The company also patched three separate high-risk local privilege-escalation bugs (CVE-2026-53411, CVE-2026-53409, CVE-2026-53410) that let signed-in or local users raise their system rights in affected Zoom components.
- Affected software ranges across Zoom Desktop Client, multiple Zoom VDI clients and plugins, Zoom Rooms, Workplace builds and Remote Control for Contact Center on Windows and must be updated to the versions listed in Zoom’s advisory.
- Zoom made updated installers available on its download portal but provided minimal technical detail and no temporary mitigations, increasing operational risk for systems that cannot patch immediately.
- Administrators and users are urged to install the fixes right away and can speed bulk updates on Windows with tools such as Microsoft’s winget; organizations with large VDI deployments should prioritize patching and inventory checks.