Splunk and Zoom Fix Security Flaws That Could Let Hackers Take Over Accounts

Both companies pushed out patches this week. One Zoom flaw scores a near-perfect danger rating and could let a criminal break into accounts without knowing a password.

ThreatVectr Newsdesk· 3 min read
A dimly lit server room with rows of rack-mounted hardware, status indicator lights blinking amber and red in rhythmic patterns, cool blue ambient light casting
Share

Key points

  • Zoom patched CVE-2026-53412 on or around the week of publication, a critical flaw scoring 9.8 out of 10 that affects Zoom Workplace for Windows.
  • That flaw could let a criminal take over a user's Zoom account without needing a password or any help from the victim.
  • Splunk fixed three flaws specific to its own software, including two high-severity bugs affecting Splunk Enterprise versions prior to 10.4.1, 10.2.5, 10.0.8, and 9.4.13.
  • Neither company says any of these vulnerabilities have been exploited by criminals yet.

Zoom and Splunk both released security updates this week. The patches close holes that could have allowed criminals to break into accounts or steal stored passwords.

The more urgent concern is Zoom. The company fixed a critical vulnerability, tracked as CVE-2026-53412, in its Zoom Workplace and Zoom Workplace VDI Client (a version of the app designed for shared corporate desktop systems) for Windows. It carries a CVSS score of 9.8 out of 10. CVSS is a standardised danger-rating system where 10 is the worst possible.

Could a criminal take over your Zoom account without your password?

Yes, that is exactly what this flaw permits. A criminal on the internet, with no password and no help from you, could exploit this bug to seize control of an affected account. Zoom has not said how many users were exposed, nor has it reported any real-world attacks using this method.

Zoom's update bundle also covers three high-severity bugs. One is a TOCTOU race condition, where a program checks whether an action is safe and then briefly loses track before completing it, leaving a window for an attacker to slip in. The other two let attackers raise their own permission level inside a system once they already have limited access.

If you use Zoom on a Windows machine, open the app and check that it has updated itself. Zoom typically pushes updates automatically, but confirming costs nothing.

Splunk, which makes software that companies use to search and monitor their own IT logs and data, patched three flaws in its enterprise product. CVE-2026-20296 is a high-severity bypass of command safeguards, meaning an attacker who gets past it can run commands the software should have blocked. CVE-2026-20297 is a high-severity path traversal, a technique where an attacker tricks the software into writing files to folders it should never touch. CVE-2026-20298 is a medium-severity flaw that exposes stored credential hashes, which are scrambled versions of passwords that can sometimes be cracked offline.

All three are fixed in Splunk Enterprise versions 10.4.1, 10.2.5, 10.0.8, and 9.4.13. The same releases also address critical and high-severity bugs found in bundled third-party code, including Golang and OpenSSL libraries.

As first reported by SecurityWeek, neither company has seen these vulnerabilities used in active attacks. Even so, the window between a patch announcement and criminal exploitation is often measured in days. IT teams running either product should treat these updates as urgent.

If your workplace uses Splunk or Zoom, ask your IT contact whether the latest versions are already in place.

© 2026 Threat Vectr