CVE-2026-53406

Vulnerability

The vulnerability resides in Remote Control for Zoom Contact Center for Windows versions prior to 7.0.0. It stems from insufficient verification of data authenticity, which enables an authenticated user to trigger an escalation of privilege via local access. The affected product is Remote Control for Zoom Contact Center for Windows before version 7.0.0 [1].

Exploitation

An attacker must have local access to the target system and be an authenticated user. No user interaction beyond the attacker's own actions is required. The attacker can exploit the insufficient data authenticity verification to execute a sequence of operations that leads to privilege escalation. The exact exploitation steps are not detailed in the public reference [1].

Impact

Successful exploitation allows the attacker to gain elevated privileges on the affected Windows system. The CVSS v3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a complete compromise of confidentiality, integrity, and availability, meaning the attacker can achieve full control over the affected component [1].

Mitigation

Zoom has released version 7.0.0 of Remote Control for Zoom Contact Center for Windows which addresses this vulnerability. Users should apply the latest update available at https://zoom.us/download [1]. No specific workaround is mentioned in the available reference.