{"api_version":"1","generated_at":"2026-06-15T05:24:44+00:00","cve":"CVE-2026-53406","urls":{"html":"https://cve.report/CVE-2026-53406","api":"https://cve.report/api/cve/CVE-2026-53406.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-53406","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-53406"},"summary":{"title":"CVE-2026-53406","description":"Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.","state":"PUBLISHED","assigner":"Zoom","published_at":"2026-06-12 18:16:35","updated_at":"2026-06-12 18:16:35"},"problem_types":["CWE-345","CWE-345 CWE-345: Insufficient Verification of Data Authenticity"],"metrics":[{"version":"3.1","source":"security@zoom.us","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}}],"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26009","name":"https://www.zoom.com/en/trust/security-bulletin/zsb-26009","refsource":"security@zoom.us","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-53406","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-53406","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Zoom Communications","product":"Remote Control for Zoom Contact Center","version":"affected 7.0.0 custom","platforms":["Windows"]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"53406","cve":"CVE-2026-53406","epss":"0.000070000","percentile":"0.005130000","score_date":"2026-06-14","updated_at":"2026-06-15 00:14:08"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["Windows"],"product":"Remote Control for Zoom Contact Center","vendor":"Zoom Communications","versions":[{"lessThan":"7.0.0","status":"affected","version":"0","versionType":"custom"}]}],"datePublic":"2026-06-10T12:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.</p>"}],"value":"Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-345","description":"CWE-345: Insufficient Verification of Data Authenticity","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-12T17:52:45.190Z","orgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","shortName":"Zoom"},"references":[{"url":"https://www.zoom.com/en/trust/security-bulletin/zsb-26009"}],"source":{"discovery":"UNKNOWN"},"x_generator":{"engine":"Vulnogram 1.0.0"}}},"cveMetadata":{"assignerOrgId":"99b9af0d-a833-4a5d-9e2f-8b1324f35351","assignerShortName":"Zoom","cveId":"CVE-2026-53406","datePublished":"2026-06-12T17:52:45.190Z","dateReserved":"2026-06-09T10:12:34.854Z","dateUpdated":"2026-06-12T17:52:45.190Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-12 18:16:35","lastModifiedDate":"2026-06-12 18:16:35","problem_types":["CWE-345","CWE-345 CWE-345: Insufficient Verification of Data Authenticity"],"metrics":{"cvssMetricV31":[{"source":"security@zoom.us","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"53406","Ordinal":"1","Title":"CVE-2026-53406","CVE":"CVE-2026-53406","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"53406","Ordinal":"1","NoteData":"Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.","Type":"Description","Title":"CVE-2026-53406"}]}}}