CVE-2026-53407
Summary
| CVE | CVE-2026-53407 |
|---|---|
| State | PUBLISHED |
| Assigner | Zoom |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-12 19:16:29 UTC |
| Updated | 2026-06-12 19:16:29 UTC |
| Description | Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access. |
Risk And Classification
Primary CVSS: v3.1 8.1 HIGH from [email protected]
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
EPSS: 0.000380000 probability, percentile 0.118140000 (date 2026-06-13)
Problem Types: CWE-939 | CWE-939 CWE-939 Improper authorization in handler for custom URL scheme
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | [email protected] | Secondary | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
| 3.1 | CNA | CVSS | 8.1 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CVSS v3.1 Breakdown
Attack Vector
NetworkAttack Complexity
LowPrivileges Required
LowUser Interaction
NoneScope
UnchangedConfidentiality
HighIntegrity
HighAvailability
NoneCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Zoom Communications | Zoom Workplace | affected 7.0.4 custom | Android, iOS |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.zoom.com/en/trust/security-bulletin/zsb-26010 | [email protected] | www.zoom.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.