Command Injection Vulnerability in Zoom Node Multimedia Routers

CVE-2026-22844

What is CVE-2026-22844?

CVE-2026-22844 is a command injection vulnerability identified in the Zoom Node Multimedia Routers (MMRs) prior to version 5.2.1716.0. These routers are integral to Zoom’s infrastructure, providing critical functionalities for multimedia processing in virtual meetings. This vulnerability enables a participant with network access to execute arbitrary commands on the MMR, potentially leading to unauthorized actions within the Zoom ecosystem. The ability to perform remote code execution poses serious risks, as it could allow attackers to manipulate the router, access sensitive information, or disrupt services, all of which could greatly compromise an organization’s security and operational integrity.

Potential impact of CVE-2026-22844

1. Remote Code Execution: The primary risk of this vulnerability is the potential for remote code execution, enabling attackers to execute unauthorized commands on the affected routers, which could lead to system takeover or further exploitation of network resources.

2. Compromise of Sensitive Data: With control over the MMR, attackers may gain access to sensitive data transmitted during virtual meetings. This could result in data breaches, exposing confidential organizational information to unauthorized parties.

3. Service Disruption: The exploitation of this vulnerability may lead to service interruptions or degradation. If attackers manipulate the routing capabilities or shut down the MMR, it could disrupt communication during critical meetings, affecting productivity and operational continuity for organizations relying on Zoom for their daily interactions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References