PT-2026-3570 · Zoom · Zoom Node Multimedia Routers
Published
2026-01-20
·
Updated
2026-02-06
·
CVE-2026-22844
CVSS v3.1
9.9
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Zoom Node Multimedia Routers (MMRs) versions prior to 5.2.1716.0
Description
A critical command injection flaw exists in Zoom Node Multimedia Routers (MMRs). This flaw allows a meeting participant to conduct remote code execution (RCE) on the MMR via network access. The issue impacts hybrid and connector deployments. No active exploitation has been reported, but the risk remains high due to the severity of the vulnerability. Compromised MMR infrastructure could enable data theft, service disruption, and full control of on-prem/hybrid Zoom meeting environments. The vulnerability does not require administrative privileges to exploit; any meeting participant can potentially trigger the RCE.
Recommendations
Update Zoom Node Multimedia Routers to version 5.2.1716.0 or later.
Fix
DoS
RCE
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zoom Node Multimedia Routers