{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53406", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "state": "PUBLISHED", "assignerShortName": "Zoom", "dateReserved": "2026-06-09T10:12:34.854Z", "datePublished": "2026-06-12T17:52:45.190Z", "dateUpdated": "2026-06-12T18:01:48.839Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-06-12T17:52:45.190Z"}, "datePublic": "2026-06-10T12:00:00.000Z", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity", "type": "CWE"}]}], "affected": [{"vendor": "Zoom Communications", "product": "Remote Control for Zoom Contact Center", "platforms": ["Windows"], "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.0", "versionType": "custom"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.</p>"}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26009"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-12T18:01:32.472839Z", "id": "CVE-2026-53406", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-12T18:01:48.839Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-53406", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-12T18:01:32.472839Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-12T18:01:34.600Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zoom Communications", "product": "Remote Control for Zoom Contact Center", "versions": [{"status": "affected", "version": "0", "lessThan": "7.0.0", "versionType": "custom"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2026-06-10T12:00:00.000Z", "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26009"}], "x_generator": {"engine": "Vulnogram 1.0.0"}, "descriptions": [{"lang": "en", "value": "Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.", "supportingMedia": [{"type": "text/html", "value": "<p>Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-345", "description": "CWE-345: Insufficient Verification of Data Authenticity"}]}], "providerMetadata": {"orgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "shortName": "Zoom", "dateUpdated": "2026-06-12T17:52:45.190Z"}}}, "cveMetadata": {"cveId": "CVE-2026-53406", "state": "PUBLISHED", "dateUpdated": "2026-06-12T18:01:48.839Z", "dateReserved": "2026-06-09T10:12:34.854Z", "assignerOrgId": "99b9af0d-a833-4a5d-9e2f-8b1324f35351", "datePublished": "2026-06-12T17:52:45.190Z", "assignerShortName": "Zoom"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via local access."}], "id": "CVE-2026-53406", "lastModified": "2026-06-12T18:16:35.457", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "security@zoom.us", "type": "Secondary"}]}, "published": "2026-06-12T18:16:35.457", "references": [{"source": "security@zoom.us", "url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26009"}], "sourceIdentifier": "security@zoom.us", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-345"}], "source": "security@zoom.us", "type": "Secondary"}]}

{}

{"created": "2026-06-12T19:30:31.742022+00:00", "title": "Authenticated Escalation via Remote Control Module in Zoom Contact Center", "updated": "2026-06-12T19:30:31.742034+00:00", "vendors": []}