CVE-2026-22844

Name of the Vulnerable Software and Affected Versions Zoom Node Multimedia Routers (MMRs) versions prior to 5.2.1716.0

Description A critical command injection flaw exists in Zoom Node Multimedia Routers (MMRs). This flaw allows a meeting participant to conduct remote code execution (RCE) on the MMR via network access. The issue impacts hybrid and connector deployments. No active exploitation has been reported, but the risk remains high due to the severity of the vulnerability. Compromised MMR infrastructure could enable data theft, service disruption, and full control of on-prem/hybrid Zoom meeting environments. The vulnerability does not require administrative privileges to exploit; any meeting participant can potentially trigger the RCE.

Recommendations Update Zoom Node Multimedia Routers to version 5.2.1716.0 or later.