THREAT INTELLIGENCE

Zoom Node MMR Vulnerability Allows Remote Code Execution

Zoom has remediated a critical command injection vulnerability affecting Zoom Node Multimedia Routers (MMRs). The issue impacts the Zoom Node Meetings Hybrid (ZMH) MMR module and the Zoom Node Meeting Connector (MC) MMR module in versions prior to 5.2.1716.0. The vulnerability allows a remote meeting participant to execute arbitrary code on the affected MMR via network access. Successful exploitation could result in compromise of the media routing infrastructure responsible for handling live meeting traffic.

CVE
CVE-2026-22844

Targeting / Delivery Mechanism
The vulnerability may be exploited by a meeting participant with network access to the affected MMR service. By supplying crafted input to the vulnerable component, an attacker can trigger command injection within the MMR environment. Deployments with exposed or insufficiently segmented MMR nodes increase the potential attack surface.

Execution Technique
The flaw is a command injection vulnerability caused by improper input validation. Attacker-controlled input can be interpreted as system-level commands, enabling remote code execution within the context of the MMR service.

Persistence / Deployment
If successfully exploited, an attacker could execute arbitrary commands, deploy additional payloads, modify configurations, or establish persistence on the compromised node, potentially impacting meeting services and connected systems.

Impact and Smarttech247's Recommended Actions

Operational Impact
Severity is Critical. Exploitation may lead to remote code execution, service disruption, unauthorised system control, and potential lateral movement within the environment. Organisations operating hybrid or on-premise Zoom meeting infrastructure face elevated operational and security risk.

Validate Integrity
Identify all Zoom Node MMR deployments and confirm versions are updated to 5.2.1716.0 or later. Review system logs for unexpected command execution, abnormal processes, or unexplained service behaviour. Monitor network traffic targeting MMR components for anomalous patterns.
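The version check above can be run over an asset inventory; the following is an added example, not code from Zoom or from this advisory. The CSV layout, the host names and the `ZMH`/`MC` module labels in the inventory are assumptions, and the sample data is constructed. Versions are compared field by field as integers, because a plain string comparison would rank 5.2.999.0 above 5.2.1716.0.

```python
import csv
import io

FIXED = (5, 2, 1716, 0)           # first fixed version named in the advisory
AFFECTED_MODULES = {"ZMH", "MC"}  # Meetings Hybrid / Meeting Connector MMR modules

# Constructed sample inventory; column names and hosts are assumptions.
SAMPLE_INVENTORY = """host,module,version
mmr-dub-01,ZMH,5.2.1716.0
mmr-dub-02,ZMH,5.2.999.0
mmr-cork-01,MC,5.1.2000.3
mmr-cork-02,MC,5.3.10.0
mmr-lab-01,MC,unknown
"""

def parse_version(text):
    """Return the version as a tuple of ints, or None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text):
    """Classify a version string as 'patched', 'vulnerable' or 'unverified'."""
    version = parse_version(version_text)
    if version is None:
        return "unverified"  # cannot be confirmed; needs manual follow-up
    # Pad both tuples to equal length so that 5.2 compares as 5.2.0.0.
    width = max(len(version), len(FIXED))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    return "patched" if padded >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each affected-module host in the inventory to its patch status."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["module"].strip().upper() in AFFECTED_MODULES:
            results[row["host"]] = classify(row["version"])
    return results

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unverified` should be treated as unpatched until their version is confirmed directly.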

Respond to Confirmed Compromise
Immediately isolate affected systems. Upgrade to the patched version. Conduct forensic analysis of executed commands and configuration changes. Remove unauthorised modifications and rebuild systems if integrity cannot be verified.

Strengthen Preventative Controls
Implement structured patch management for Zoom infrastructure. Restrict network exposure of MMR services and enforce segmentation controls. Apply the Principle of Least Privilege to service accounts and prevent unauthorised client or SDK versions from operating within the environment.

References
https://www.zoom.com/en/trust/security-bulletin/zsb-26001/
