Andere informatie en diensten van de overheid: www.belgium.be Centre for Cybersecurity Belgium
search

Warning: Critical OS Command Injection in On-Premises Zoom Node Deployments, Patch Immediately!

Image
Decorative image
Gepubliceerd : 26/01/2026

    * Last update:  26/01/2026
   
    * Affected products:
         → Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0
         → Zoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0

    * Type: OS Command Injection leading to Remote Code Execution

    * CVE/CVSS:

  • CVE-2026-22844: CVSS 9.9 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)

Sources

Zoom - https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

Risks

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) may allow a meeting participant to conduct remote code execution of the MMR via network access. Exploitation requires no user interaction and the compromise can affect other components of the MMR or trust boundaries.

Full compromise of the affected component, can mean unauthorized access to system resources, altered system behavior, or operational disruption of Zoom Node services handled by the MMR.

Description

CVE-2026-22844 is a command injection vulnerability affecting Zoom Node Multimedia Routers (MMRs) prior to version 5.2.1716.0. The issue allows a meeting participant with network access to inject commands into the MMR due to improper handling of input.

The vulnerability affects MMR components used in Zoom Node Meetings Hybrid and Zoom Node Meeting Connector deployments.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2026-22844