Critical Zoom Command Injection Flaw Allows Remote Code

A critical command injection vulnerability has been discovered in Node Multimedia Routers (MMRs). This flaw could allow meeting participants to execute arbitrary code on affected systems.

The vulnerability, tracked as CVE-2026-22844, carries a CVSS severity rating of 9.9, the highest possible score, indicating an extremely dangerous threat requiring immediate remediation.

Zoom Command Injection Vulnerability

The command injection flaw exists in Zoom Node MMR versions before 5.2.1716.0. It affects two primary deployment scenarios: Zoom Node Meetings Hybrid (ZMH) and Zoom Node Meeting Connector (MC) environments.

The vulnerability requires only network access and low-level privileges to exploit, with no user interaction necessary.

An attacker with valid meeting participant credentials could leverage the flaw to achieve remote code execution directly on the MMR infrastructure.

The vulnerability’s critical nature stems from its network-accessible vector and its ability to compromise the entire system. With a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A: H.

The flaw demonstrates high impact across confidentiality, integrity, and availability, meaning attackers could steal data, modify system configurations, and disrupt services simultaneously.

Organizations operating Zoom Node Meetings, Hybrid, or Meeting Connector deployments face immediate risk.

The vulnerability specifically targets MMR modules running versions before 5.2.1716.0, making version identification and patching the primary mitigation steps. Zoom attributed the discovery to its own Offensive Security team.

Zoom strongly advises administrators to immediately update affected MMR modules to version 5.2.1716.0 or later.

The company published detailed guidance through its Managing Updates for Zoom Node support documentation, providing step-by-step instructions for deploying patches across Zoom Node infrastructure.

Organizations should prioritize this update as critical, treating it with the same urgency as responses to zero-day vulnerabilities.

Given the vulnerability’s low attack complexity and requirement for only basic participant-level access, exploitation risk is substantial in real-world environments.

Organizations using Zoom Node deployments should immediately verify their current MMR versions and deploy patches without delay.

Given the critical severity rating and ease of exploitation, this vulnerability represents a substantial security risk requiring urgent attention across all affected environments.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.