CVE-2026-53411

Zoom · Zoom Workplace VDI Plugin

A TOCTOU race condition in the Zoom Workplace VDI Plugin for Windows allows authenticated local users to escalate privileges during installation or uninstallation.

Executive summary

A local privilege escalation vulnerability in the Zoom Workplace VDI Plugin could allow an authenticated user to gain elevated system permissions.

Vulnerability

This is a time-of-check to time-of-use (TOCTOU) race condition within the installation and uninstallation process of the software. An authenticated local user can exploit this logic flaw to manipulate the process and escalate their privileges on the host system.

Business impact

The ability for a local user to escalate privileges poses a severe risk, as it allows attackers to bypass standard system security boundaries. With a CVSS score of 7.8, this vulnerability could facilitate full system compromise if an attacker gains initial low-level access to a workstation or server.

Remediation

Immediate Action: Update the Zoom Workplace VDI Plugin to version 6.6.14 or later.

Proactive Monitoring: Monitor system logs for suspicious process execution patterns or unauthorized attempts to modify installation directories.

Compensating Controls: Restrict local user permissions on systems where the Zoom VDI plugin is deployed to minimize the potential for local exploitation.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Given the potential for privilege escalation, organizations should deploy the updated version of the Zoom Workplace VDI Plugin as part of their next scheduled maintenance cycle.