CVE-2026-53407
Published 2026-06-12
Priority: P358 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.23% (13.8th percentile)
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zoom | workplace | < 7.0.3 | 7.0.3 |
| zoom | workplace | < 7.0.4 | 7.0.4 |
| zoom_communications | zoom_workplace | < 7.0.4 | 7.0.4 |
VulDB
Zoom Workplace/Meeting SDK on iOS/Android Custom URL Scheme improper authorization (EUVD-2026-36522)
vuldb·2026-06-13·CVSS 8.1
CVE-2026-53407 [HIGH] Zoom Workplace/Meeting SDK on iOS/Android Custom URL Scheme improper authorization (EUVD-2026-36522)
A vulnerability was found in Zoom Workplace and Meeting SDK on iOS/Android and classified as critical. Impacted is an unknown function of the component Custom URL Scheme Handler. Such manipulation leads to improper authorization.
This vulnerability is documented as CVE-2026-53407. The attack can be executed remotely. There is not any exploit available.
It is suggested to upgrade the affected component.
GHSA
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privil
ghsa_unreviewed·2026-06-12
CVE-2026-53407 [HIGH] CWE-939 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privil
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.