• Home
  • cyber
  • Zoom: Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
cyber Vulnerability

Zoom: Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection

Jan 21, 2026 2 min read
Zoom: Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection

Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code Execution

A severe command injection flaw in Zoom Node Multimedia Routers (MMRs) has been disclosed, allowing authenticated meeting participants to execute arbitrary code on vulnerable systems. Tracked as CVE-2026-22844, the vulnerability carries a CVSS score of 9.9, reflecting its critical severity due to low attack complexity and network-accessible exploitation.

The flaw impacts Zoom Node Meetings Hybrid (ZMH) and Meeting Connector (MC) deployments running MMR module versions prior to 5.2.1716.0. Successful exploitation could lead to data exfiltration, meeting manipulation, or denial-of-service attacks, compromising confidentiality, integrity, and availability of enterprise communications.

Zoom has released patches in MMR module version 5.2.1716.0 or later, urging administrators to prioritize updates. The company’s official support documentation provides guidance for deploying fixes without service disruption. Organizations using affected versions face immediate risk, as the vulnerability enables remote code execution (RCE) with minimal prerequisites.

Security teams are advised to treat this as a critical patch priority to mitigate potential breaches in business-critical infrastructure.

Source: https://gbhackers.com/critical-zoom-vulnerability-enables-remote-code-execution/

Zoom cybersecurity rating report: https://www.rankiteo.com/company/zoom

"id": "ZOO1769568712",
"linkid": "zoom",
"type": "Vulnerability",
"date": "1/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Enterprises using Zoom Node '
                                              'Meetings Hybrid (ZMH) and '
                                              'Meeting Connector (MC) with MMR '
                                              'module versions prior to '
                                              '5.2.1716.0',
                        'industry': 'Technology (Video Conferencing)',
                        'name': 'Zoom',
                        'type': 'Company'}],
 'attack_vector': 'Network',
 'customer_advisories': 'Zoom urged administrators to prioritize updates and '
                        'provided guidance for deploying fixes without service '
                        'disruption.',
 'data_breach': {'data_exfiltration': 'Possible',
                 'sensitivity_of_data': 'High (confidentiality, integrity, and '
                                        'availability of enterprise '
                                        'communications)',
                 'type_of_data_compromised': 'Enterprise communications data'},
 'description': 'A severe command injection flaw in Zoom Node Multimedia '
                'Routers (MMRs) has been disclosed, allowing authenticated '
                'meeting participants to execute arbitrary code on vulnerable '
                'systems. Tracked as CVE-2026-22844, the vulnerability carries '
                'a CVSS score of 9.9, reflecting its critical severity due to '
                'low attack complexity and network-accessible exploitation. '
                'The flaw impacts Zoom Node Meetings Hybrid (ZMH) and Meeting '
                'Connector (MC) deployments running MMR module versions prior '
                'to 5.2.1716.0. Successful exploitation could lead to data '
                'exfiltration, meeting manipulation, or denial-of-service '
                'attacks, compromising confidentiality, integrity, and '
                'availability of enterprise communications. Zoom has released '
                'patches in MMR module version 5.2.1716.0 or later, urging '
                'administrators to prioritize updates.',
 'impact': {'data_compromised': 'Yes',
            'operational_impact': 'Meeting manipulation, denial-of-service '
                                  'attacks',
            'systems_affected': 'Zoom Node Meetings Hybrid (ZMH) and Meeting '
                                'Connector (MC) deployments'},
 'post_incident_analysis': {'corrective_actions': 'Patch deployment and '
                                                  'prioritization of updates',
                            'root_causes': 'Command injection flaw in Zoom '
                                           'Node Multimedia Routers (MMRs)'},
 'recommendations': 'Treat this as a critical patch priority to mitigate '
                    'potential breaches in business-critical infrastructure. '
                    'Administrators should prioritize updating to MMR module '
                    'version 5.2.1716.0 or later.',
 'references': [{'source': 'Zoom Official Support Documentation'}],
 'response': {'communication_strategy': 'Official support documentation and '
                                        'advisories',
              'containment_measures': 'Patch deployment (MMR module version '
                                      '5.2.1716.0 or later)',
              'remediation_measures': 'Zoom released patches and provided '
                                      'guidance for deploying fixes without '
                                      'service disruption'},
 'title': 'Critical Zoom Node Vulnerability Exposes Enterprises to Remote Code '
          'Execution',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': 'CVE-2026-22844 (Command Injection)'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.