CVE-2026-53408

Published: Jun 12, 2026Modified: Jun 12, 2026

8.1

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.8 / Impact: 5.2

Source: security@zoom.us (Secondary)

Description

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

Related CWEs

CWE-939

Improper Authorization in Handler for Custom URL Scheme

The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.

References (1)

https://www.zoom.com/en/trust/security-bulletin/zsb-26010

Source: security@zoom.us

Timeline

No history available yet.