Unrated severity · NVD Advisory · Published Aug 11, 2022 · Updated Sep 17, 2024

Improper URL parsing in Zoom Clients

CVE-2022-28755

Description

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A URL parsing vulnerability in Zoom Client for Meetings before 5.11.0 allows attackers to direct users to arbitrary network addresses, potentially leading to remote code execution.

Vulnerability

The Zoom Client for Meetings versions prior to 5.11.0 on Android, iOS, Linux, macOS, and Windows contain a URL parsing vulnerability. When a user opens a maliciously crafted Zoom meeting URL, the client may incorrectly parse the link, directing the connection to an arbitrary network address. This affects all versions before 5.11.0.

Exploitation

An attacker must craft a malicious Zoom meeting URL and trick a user into opening it, typically via phishing or social engineering. No authentication is required, but user interaction is necessary. The attacker can specify an arbitrary network address, such as a server under their control, to which the Zoom client will attempt to connect.

Impact

Successful exploitation can lead to the user connecting to an attacker-controlled network address, enabling further attacks. The vulnerability has the potential for remote code execution through launching executables from arbitrary paths, as the attacker could serve malicious content that executes on the victim's system.

Mitigation

Zoom released version 5.11.0 to fix this vulnerability. Users should update to the latest version as recommended in the Zoom Security Bulletin [1]. No workarounds are currently available.

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3


References

1
