CVE-2026-53406
Analyzed - Analysis Complete

Insufficient Verification of Data Authenticity in Zoom Contact Center for Windows

Publication date: 2026-06-12

Last updated on: 2026-06-29

Assigner: Zoom Video Communications, Inc.

Description

Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.

Meta Information

Published: 2026-06-12
Last Modified: 2026-06-29
Generated: 2026-07-03
AI Q&A: 2026-06-12
EPSS Evaluated: 2026-07-01

Affected Vendors & Products

Vendor    Product           Version / Range
zoom      remote_control    to 7.0.0 (exc)

Exploitability

CWE ID Description
CWE-345 The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.

Executive Summary

CVE-2026-53406 is a vulnerability in the Remote Control feature of Zoom Contact Center for Windows versions before 7.0.0. It involves insufficient verification of data authenticity, which means the system does not properly confirm that the data it receives is genuine and trustworthy.

This flaw allows an authenticated user with local access to potentially escalate their privileges, meaning they could gain higher-level permissions than intended.

Impact Analysis

This vulnerability can have a significant impact because it allows an authenticated local user to escalate their privileges on the affected system.

  • An attacker with local access could gain higher permissions, potentially leading to unauthorized access to sensitive data or system controls.
  • The vulnerability has a high severity rating with a CVSS score of 7.8, indicating a substantial risk to confidentiality, integrity, and availability.
  • Exploitation could result in compromise of system security and unauthorized actions performed by the attacker.

Mitigation Strategies

To mitigate the CVE-2026-53406 vulnerability, users should update Zoom Contact Center on Windows systems to version 7.0.0 or later.

Applying the latest updates from Zoom's official download page is recommended to maintain security and prevent privilege escalation via the Remote Control feature.

Detection Guidance

This vulnerability affects Zoom Contact Center on Windows systems running versions prior to 7.0.0. To determine whether a system is affected, check the installed version of Zoom Contact Center: if it is earlier than 7.0.0, the system is vulnerable.

  • On Windows, you can check the installed version via PowerShell with the command:
      Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*' | Where-Object { $_.DisplayName -like '*Zoom Contact Center*' } | Select-Object DisplayName, DisplayVersion
  • Alternatively, check the version from the application itself or via the Control Panel's Programs and Features.

There are no specific network detection commands or signatures provided for this vulnerability, as it is a local privilege escalation issue requiring local access.
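
The version check above, extended as an added example (not part of the original report and not Zoom's own tooling): it also reads the 32-bit and per-user uninstall keys, which the single HKLM query does not cover, and compares each hit against the fixed release. It assumes the product registers an uninstall entry whose DisplayName contains "Zoom Contact Center"; the function name Get-ZccInstall is hypothetical.

```powershell
# Added example: inventory check for CVE-2026-53406 (fixed in 7.0.0 per the advisory).
# Assumption: the uninstall entry's DisplayName contains "Zoom Contact Center";
# confirm the exact name on a known install before relying on the result.
$NamePattern  = '*Zoom Contact Center*'
# Fixed release 7.0.0, written as 7.0 because [version]'7.0' sorts below [version]'7.0.0'
# and a DisplayVersion of "7.0" must not be reported as vulnerable.
$FixedVersion = [version]'7.0'

# Machine-wide 64-bit and 32-bit views, plus per-user installs of the current user only.
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-ZccInstall {
    foreach ($key in $UninstallKeys) {
        Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName -like $NamePattern } |
            ForEach-Object {
                # Keep only the leading dotted-numeric part, e.g. "6.5.10 (1234)" -> "6.5.10".
                $parsed = $null
                if ("$($_.DisplayVersion)" -match '^\d+(\.\d+){1,3}') {
                    $parsed = [version]$Matches[0]
                }
                if ($null -eq $parsed) {
                    $status = 'Unknown version'
                } elseif ($parsed -lt $FixedVersion) {
                    $status = 'VULNERABLE'
                } else {
                    $status = 'Patched'
                }
                [pscustomobject]@{
                    DisplayName    = $_.DisplayName
                    DisplayVersion = $_.DisplayVersion
                    RegistryPath   = $_.PSPath -replace '^.*?::', ''
                    Status         = $status
                }
            }
    }
}

$found = @(Get-ZccInstall)
if ($found.Count -eq 0) {
    Write-Output 'No Zoom Contact Center uninstall entry found for this machine/user.'
} else {
    $found | Format-Table -AutoSize
}
```

An empty result only means no matching uninstall entry was visible to the account running the script; other users' per-user installs live in their own registry hives and need a separate pass.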

Compliance Impact

The provided information does not specify how the CVE-2026-53406 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
