Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection

A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems.

The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments.

Vulnerability Overview

Zoom Offensive Security identified a command injection flaw in Zoom Node MMR deployments that enables remote code execution (RCE) through network access.

The vulnerability carries a CVSS v3.1 score of 9.9 (Critical), indicating severe exploitability with minimal barriers to attack.

The attack vector is the network, attack complexity is low, only low privileges are required and no user interaction is needed, which places this vulnerability among the most critical disclosed threats to Zoom infrastructure.

| Parameter | Value |
| --- | --- |
| CVE ID | CVE-2026-22844 |
| CVSS Score | 9.9 (Critical) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network |

The command injection vulnerability impacts the following Zoom Node deployments:

  • Zoom Node Meetings Hybrid (ZMH) – MMR module versions prior to 5.2.1716.0
  • Zoom Node Meeting Connector (MC) – MMR module versions prior to 5.2.1716.0

Any organization operating these versions faces immediate risk of unauthorized code execution by authenticated meeting participants.

Zoom recommends immediate action for all affected deployments. Administrators should prioritize updating MMR modules to version 5.2.1716.0 or later to eliminate the vulnerability.

Organizations can initiate patching by referencing Zoom’s official support documentation on Managing updates for Zoom Node, which provides step-by-step procedures for safely deploying updates across hybrid and connector deployments without service disruption.

The command injection vulnerability poses significant risk to enterprise communication infrastructure.

With high attack impact across confidentiality, integrity, and availability, successful exploitation could lead to data exfiltration, meeting manipulation, or denial of service affecting critical business communications.

Security teams should classify this as a critical priority patch and schedule immediate updates across all affected Zoom Node environments.
