Zoom Node Deployments - Command Injection
- ZSB-26001
- CVE-2026-22844
- Critical
- 9.9
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
Customers that are using Zoom Node Meetings Hybrid or Meeting Connector deployments are advised to have their administrators update to the latest available MMR version.
Administrators of Zoom Node can help keep their deployments secure by following the steps on the Managing updates for Zoom Node support article to update.
- Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0
- Zoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0
Reported by Zoom Offensive Security
| Revision | Date | Description |
|---|---|---|
| 1.0 | 01/20/2026 | Initial publication. |