Zoom has patched a command injection vulnerability affecting its Node Multimedia Router infrastructure in on-premises and hybrid deployments.
Zoom Node is an enterprise hybrid deployment platform that allows large organizations to run Zoom workloads on their own infrastructure rather than solely in Zoom’s cloud. Organizations typically use Zoom Node to meet compliance requirements, keep meeting traffic within their corporate networks, or maintain service during internet outages.
The vulnerability, tracked as CVE-2026-22844 with a CVSS score of 9.9, exists in the Multimedia Router (MMR) component, which handles video and audio routing in Zoom Node deployments. The flaw allows an authenticated meeting participant to inject system commands that execute on the MMR through network access.
An attacker who successfully exploits this vulnerability could execute arbitrary code on the affected infrastructure, potentially accessing sensitive data, modifying system configurations, or disrupting service availability.
The vulnerability affects Zoom Node Meetings Hybrid (ZMH) or Zoom Node Meeting Connector (MC) deployments with MMR module versions prior to 5.2.1716.0. Standard cloud-based Zoom users without on-premises Node infrastructure are not affected. Zoom has released MMR module version 5.2.1716.0 to address this vulnerability.
Organizations should verify whether they have Zoom Node deployed in their environment. This is typically configured and managed by IT administrators through the Zoom web portal and requires dedicated on-premises server infrastructure.
Learn more about the vulnerability and patches on the official security advisory here.
Leave a Reply