Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution
A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation.
The flaw affects Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising enterprise communication infrastructure.
Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates. The vulnerability was identified by Zoom Offensive Security, with affected organizations advised to apply fixes immediately to mitigate risks to confidentiality, integrity, and availability. Official guidance for patching is available in Zoom’s support documentation.
Source: https://gbhackers.com/critical-zoom-vulnerability-enables-remote-code-execution/
Zoom cybersecurity rating report: https://www.rankiteo.com/company/zoom
"id": "ZOO1769023542",
"linkid": "zoom",
"type": "Vulnerability",
"date": "2/1716",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Enterprises using Zoom Node '
'Meetings Hybrid (ZMH) and '
'Meeting Connector (MC)',
'industry': 'Software (Video Conferencing)',
'name': 'Zoom',
'type': 'Technology Company'}],
'attack_vector': 'Network',
'data_breach': {'data_exfiltration': 'Potential'},
'description': 'A severe command injection flaw in Zoom Node Multimedia '
'Routers (MMRs) has been disclosed, allowing authenticated '
'meeting participants to execute arbitrary code on vulnerable '
'systems. Tracked as CVE-2026-22844, the vulnerability carries '
'a CVSS score of 9.9, reflecting its critical severity due to '
'low attack complexity and network-accessible exploitation. '
'The flaw affects Zoom Node Meetings Hybrid (ZMH) and Meeting '
'Connector (MC) deployments running MMR module versions prior '
'to 5.2.1716.0. Successful exploitation could lead to data '
'exfiltration, meeting manipulation, or denial-of-service '
'attacks, compromising enterprise communication '
'infrastructure. Zoom has released patches in MMR module '
'version 5.2.1716.0 or later, urging administrators to '
'prioritize updates.',
'impact': {'data_compromised': 'Potential data exfiltration',
'operational_impact': 'Meeting manipulation, denial-of-service '
'attacks',
'systems_affected': 'Zoom Node Meetings Hybrid (ZMH) and Meeting '
'Connector (MC) deployments'},
'post_incident_analysis': {'corrective_actions': 'Patch deployment (MMR '
'module version 5.2.1716.0 '
'or later)',
'root_causes': 'Command injection flaw in Zoom '
'Node MMRs'},
'recommendations': 'Apply patches immediately to mitigate risks to '
'confidentiality, integrity, and availability.',
'references': [{'source': 'Zoom Offensive Security',
'url': 'Zoom’s support documentation'}],
'response': {'communication_strategy': 'Official guidance in Zoom’s support '
'documentation',
'containment_measures': 'Patch release (MMR module version '
'5.2.1716.0 or later)',
'remediation_measures': 'Apply patches immediately'},
'title': 'Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code '
'Execution',
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'CVE-2026-22844 (Command Injection)'}