CVE-2026-53407 · Severity: HIGH · CNA: Zoom

CVE-2026-53407: Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7

Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.

Metrics

CVSS v3.1: 8.1
Severity: HIGH
Fixed in: 7.0.4
Affected Products: 1


HarborGuard Analysis

Synopsis

An improper authorization flaw in the custom URL scheme handler affects Zoom Workplace for Android (before 7.0.4) and iOS (before 7.0.3). A remote attacker with a low-privilege account can reach the vulnerable handler over the network without any victim interaction, then escalate privileges to read sensitive data or tamper with application data. A patched-image rebuild at version 7.0.4 is available on HarborGuard for affected environments.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53407 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Zoom Workplace.

Triage: Available

Triage is available with the CVSS 8.1 HIGH score applied automatically, weighted against each customer's per-environment compliance policy, and routed to the appropriate team inbox within the customer org.

Patch: Available

A patched-image rebuild at Zoom Workplace 7.0.4 becomes available on HarborGuard for environments running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a PR against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the custom URL scheme handler over the network; the service must be exposed to an external or internal network-reachable surface.

  • Authentication: Required

    A low-privilege account is sufficient; no administrative or elevated credentials are needed to trigger the handler.

  • Victim interaction: Not required

    No user action such as clicking a link or opening a file is needed for the attacker to exploit this flaw.

  • Attack complexity: Low

    Exploitation is reliable and condition-free; no race conditions, memory layout dependencies, or special environmental factors are required.

Blast Radius

  • A successful attacker reads sensitive application data, which may include session tokens, user credentials, or private meeting content stored by Zoom Workplace.
  • A successful attacker modifies application state or configuration data, enabling privilege escalation within the Zoom Workplace application context.
  • Confidentiality and integrity of the affected device's Zoom session are both compromised, but availability of the service is not directly affected by this vulnerability.

How HarborGuard Handles This

Available on HarborGuard: images containing Zoom Workplace versions below 7.0.4 (Android) or 7.0.3 (iOS) are flagged immediately upon scan, with the CVSS 8.1 HIGH rating applied and routed per each customer's compliance policy. Where compliance policy permits auto-remediation, HarborGuard rebuilds the image at the fixed version, executes a regression run, and opens a patch PR against affected workloads. For high-severity issues, the median time from CVE publication to a merged patch PR is around 90 minutes for environments with auto-remediation enabled. Customers who manage remediation manually can view the full finding detail, affected image list, and recommended fix version in the HarborGuard dashboard.


Fix available: 7.0.4

Affected packages
  • Zoom Communications / Zoom Workplace: < 7.0.4 (from 0)
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N