8.1
CVE-2026-53408
- EPSS 0.21%
- Published 12.06.2026 17:57:01
- Last modified 16.06.2026 18:59:00
- Source security@zoom.us
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
Data provided by the National Vulnerability Database (NVD)
Zoom ≫ Meeting Software Development Kit SwPlatform iphone_os Version < 7.0.3
Zoom ≫ Meeting Software Development Kit SwPlatform android Version < 7.0.4
VulnDex Vulnerability Enrichment
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.113 |
| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@zoom.us | 8.1 | 2.8 | 5.2 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
CWE-939 Improper Authorization in Handler for Custom URL Scheme
The product uses a handler for a custom URL scheme, but it does not properly restrict which actors can invoke the handler using the scheme.
https://www.zoom.com/en/trust/security-bulletin/zsb-26010