CVE-2026-53406: CWE-345: Insufficient Verification of Data Authenticity in Zoom Communications Remote Control for Zoom Contact Center
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-53406) affects Zoom Communications' Remote Control for Zoom Contact Center on Windows platforms prior to version 7.0.0. It is classified under CWE-345, indicating insufficient verification of data authenticity. An authenticated user with local access could exploit this flaw to escalate privileges, potentially gaining higher-level access than intended. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects that the attack requires local access with low complexity and privileges but results in high impact on confidentiality, integrity, and availability. The vendor has not yet provided a remediation level or patch information, and no known exploits have been reported.
Potential Impact
An authenticated local user may exploit this vulnerability to escalate privileges, potentially compromising system confidentiality, integrity, and availability. This could allow unauthorized actions or access beyond the user's original permissions within the affected Zoom Contact Center Remote Control application.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for unusual privilege escalations related to the affected software.
CVE-2026-53406: CWE-345: Insufficient Verification of Data Authenticity in Zoom Communications Remote Control for Zoom Contact Center
Description
Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.
CVSS v3.1
Score 7.8high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-53406) affects Zoom Communications' Remote Control for Zoom Contact Center on Windows platforms prior to version 7.0.0. It is classified under CWE-345, indicating insufficient verification of data authenticity. An authenticated user with local access could exploit this flaw to escalate privileges, potentially gaining higher-level access than intended. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) reflects that the attack requires local access with low complexity and privileges but results in high impact on confidentiality, integrity, and availability. The vendor has not yet provided a remediation level or patch information, and no known exploits have been reported.
Potential Impact
An authenticated local user may exploit this vulnerability to escalate privileges, potentially compromising system confidentiality, integrity, and availability. This could allow unauthorized actions or access beyond the user's original permissions within the affected Zoom Contact Center Remote Control application.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict local access to trusted users only and monitor for unusual privilege escalations related to the affected software.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Zoom
- Date Reserved
- 2026-06-09T10:12:34.854Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a2c480de617e2d8349cfe3b
Added to database: 6/12/2026, 5:55:25 PM
Last enriched: 6/12/2026, 6:09:20 PM
Last updated: 6/12/2026, 7:21:09 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.