CVE-2026-53408: Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS
Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privilege via network access.
Metrics
- CVSS v3.1: 8.1
- Severity: HIGH
- Fixed in: 7.0.4 (Android), 7.0.3 (iOS)
- Affected Products: 1
HarborGuard Analysis
Synopsis
An improper authorization flaw in the custom URL scheme handler affects Zoom Workplace for Android (before 7.0.4) and iOS (before 7.0.3). The vulnerability is reachable over the network and requires only a low-privilege account, allowing an attacker to escalate their privileges within the application. Successful exploitation gives the attacker unauthorized read access to sensitive data and the ability to tamper with application data. A patched-image rebuild at version 7.0.4 is available on HarborGuard for affected environments.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle Zoom Workplace. Any image containing an affected version of Zoom Workplace is flagged automatically.
HarborGuard scores this CVE at 8.1 HIGH using its CVSS v3.1 vector, and per-environment compliance policy weighting is applied to prioritize routing to the appropriate team or inbox inside each customer organization.
A patched-image rebuild at Zoom Workplace 7.0.4 becomes available on HarborGuard for any environment running an affected version. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite, and opens a PR against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
The vulnerable component is reachable over the network (AV:N); no local or physical access to the device is needed.
- Authentication: Required
A low-privilege account is sufficient (PR:L); admin or elevated credentials are not needed. Note that the upstream description above says "unauthenticated user" while the CVSS vector carries PR:L; the two disagree, so treat the weaker requirement as the working assumption when prioritizing.
- Victim interaction: Not required
No user interaction is needed (UI:N); exploitation involves no social-engineering step.
- Attack complexity: Low
Attack complexity is low (AC:L): exploitation does not depend on special timing, race conditions, or environmental preconditions outside the attacker's control.
Blast Radius
- An attacker reads sensitive application data, which may include session tokens, private meeting metadata, or user account details.
- An attacker modifies application data or settings, enabling unauthorized actions within the Zoom Workplace session.
- The privilege escalation may allow the attacker to impersonate higher-privileged users or access functionality restricted to administrators.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-53408 is active across all customer scanning environments, matching any image that bundles a vulnerable Zoom Workplace build (Android before 7.0.4, iOS before 7.0.3). A patched-image rebuild at version 7.0.4 is available for environments running affected versions. For customers who opt into auto-remediation, HarborGuard triggers a rebuild at the fix version, runs a regression test suite, and opens a PR against affected workloads; for HIGH-severity issues, the median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. Where compliance policy requires manual review before merge, the PR and supporting scan report are routed to the designated inbox for that environment.
Fix available
- Zoom Communications / Zoom Workplace: < 7.0.4 (from 0) for Android; the iOS build is fixed in 7.0.3
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N