8.1
CVE-2026-53407
- EPSS 0.21%
- Published 12.06.2026 17:56:26
- Last modified 15.06.2026 20:52:58
- Source security@zoom.us
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
| Vendor | Product | Default Status | Version | Version < | Status |
|---|---|---|---|---|---|
| Zoom Communications | Zoom Workplace | unaffected | 0 | 7.0.4 | affected |
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.113 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zoom.us | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CWE-939 Improper Authorization in Handler for Custom URL Scheme
The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.
https://www.zoom.com/en/trust/security-bulletin/zsb-26010