CVE-2026-53408
published 2026-06-12CVE-2026-53408: Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an…
PriorityP351high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
EPSS
0.21%
11.4th percentile
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zoom | meeting_software_development_kit | < 7.0.3 | 7.0.3 |
| zoom | meeting_software_development_kit | < 7.0.4 | 7.0.4 |
| zoom | workplace | < 7.0.3 | 7.0.3 |
| zoom | workplace | < 7.0.4 | 7.0.4 |
| zoom_communications | zoom_workplace | < 7.0.4 | 7.0.4 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privil
ghsa_unreviewed·2026-06-12
CVE-2026-53408 [HIGH] CWE-939 Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privil
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
VulDB
Zoom Workplace/Meeting SDK Custom URL Scheme improper authorization in handler for custom url scheme (EUVD-2026-36523)
vuldb·2026-06-12·CVSS 8.1
CVE-2026-53408 [HIGH] Zoom Workplace/Meeting SDK Custom URL Scheme improper authorization in handler for custom url scheme (EUVD-2026-36523)
A vulnerability marked as critical has been reported in Zoom Workplace and Meeting SDK. The affected element is an unknown function of the component Custom URL Scheme Handler. This manipulation causes improper authorization in handler for custom url scheme.
This vulnerability is tracked as CVE-2026-53408. The attack is possible to be carried out remotely. No exploit exists.
It is suggested to upgrade the affected component.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-12
Published