A critical command injection vulnerability in Node Multimedia Routers (MMRs) could allow meeting participants to execute arbitrary code on affected systems.
The vulnerability, tracked as CVE-2026-22844, carries a CVSS severity rating of 9.9, the highest possible score, indicating an extremely dangerous threat requiring immediate remediation.
Zoom Command Injection Vulnerability
The command injection flaw exists in Zoom Node MMR versions before 5.2.1716.0. It affects two primary deployment scenarios: Zoom Node Meetings Hybrid (ZMH) and Zoom Node Meeting Connector (MC) environments.
The vulnerability requires only network access and low-level privileges to exploit, with no user interaction necessary.
| Field | Value |
|---|---|
| CVE ID | CVE-2026-22844 |
| Bulletin | ZSB-26001 |
| CVSS Score | 9.9 (Critical) |
| Attack Vector | Network |
| Flaw Type | Command Injection |
An attacker with valid meeting participant credentials could leverage the flaw to achieve remote code execution directly on the MMR infrastructure.
The vulnerability’s critical nature stems from its network-accessible vector and its ability to compromise the entire system. With a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A: H.
The flaw demonstrates high impact across confidentiality, integrity, and availability, meaning attackers could steal data, modify system configurations, and disrupt services simultaneously.
Organizations operating Zoom Node Meetings, Hybrid, or Meeting Connector deployments face immediate risk.
The vulnerability specifically targets MMR modules running versions before 5.2.1716.0, making version identification and patching the primary mitigation steps. Zoom attributed the discovery to its own Offensive Security team.
Zoom strongly advises administrators to immediately update affected MMR modules to version 5.2.1716.0 or later.
The company published detailed guidance through its Managing Updates for Zoom Node support documentation, providing step-by-step instructions for deploying patches across Zoom Node infrastructure.
Organizations should prioritize this update as critical, treating it with the same urgency as responses to zero-day vulnerabilities.
Given the vulnerability’s low attack complexity and requirement for only basic participant-level access, exploitation risk is substantial in real-world environments.
Organizations using Zoom Node deployments should immediately verify their current MMR versions and deploy patches without delay.
Given the critical severity rating and ease of exploitation, this vulnerability represents a substantial security risk requiring urgent attention across all affected environments.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
