A near-maximum severity vulnerability has been discovered in Zoom’s enterprise infrastructure, threatening to turn hybrid meeting setups into open doors for attackers. In a new security advisory, Zoom has disclosed a critical Command Injection flaw affecting its Zoom Node Multimedia Routers (MMRs).
The vulnerability, tracked as CVE-2026-22844, carries a CVSS score of 9.9, signaling an immediate danger to organizations running specific hybrid deployments. The flaw resides in the Multimedia Router (MMR)—the component responsible for processing audio and video streams in Zoom’s architecture.
According to the disclosure, the issue is a “Command Injection vulnerability” that affects Zoom Node Multimedia Routers prior to version 5.2.1716.0. The implications of this flaw are severe. A malicious actor doesn’t need physical access to the server; instead, a “meeting participant” can exploit this vulnerability via network access.
“The vulnerability may allow a meeting participant to conduct remote code execution of the MMR via network access,” the advisory warns.
This means an attacker attending a meeting hosted on a vulnerable node could potentially inject malicious commands to hijack the router, gaining control over the underlying system processing the meeting’s media.
The vulnerability specifically targets organizations using:
- Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0
- Zoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0
Zoom is urging all customers using these hybrid or connector deployments to take immediate action. Administrators are advised to update their Multimedia Routers to the latest available version (5.2.1716.0 or later) to close this critical security gap.
“Administrators of Zoom Node can help keep their deployments secure by following the steps on the Managing updates for Zoom Node support article to update,” the advisory states.
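The version threshold in the advisory can be checked across an asset inventory. The following is an added example, not code from Zoom or its advisory; the inventory format, the hostnames and the use of "ZMH"/"MC" as module labels are assumptions. Versions are compared numerically because a plain string comparison would rank 5.2.999.0 above 5.2.1716.0 and miss a vulnerable node.

```python
import re

FIXED = (5, 2, 1716, 0)           # fixed MMR version named in the advisory
LISTED_MODULES = {"ZMH", "MC"}    # assumed labels: Meetings Hybrid, Meeting Connector

def parse_version(text):
    """Return a 4-tuple of ints for 'a.b.c.d', or None if the string is malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){3}", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(module, version):
    """Return 'vulnerable', 'patched', 'unknown' or 'not-listed' for one MMR module."""
    if module.upper() not in LISTED_MODULES:
        return "not-listed"       # module type is not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"          # unparseable version: needs manual review
    # Tuple comparison is numeric per component: (5,2,999,0) < (5,2,1716,0).
    return "vulnerable" if parsed < FIXED else "patched"

def audit(inventory):
    """inventory: iterable of (host, module, version). Returns rows needing action."""
    findings = []
    for host, module, version in inventory:
        status = classify(module, version)
        if status in ("vulnerable", "unknown"):
            findings.append((host, module, version, status))
    return findings

# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE = [
    ("mmr-01.example.internal", "ZMH", "5.2.999.0"),
    ("mmr-02.example.internal", "MC", "5.2.1716.0"),
    ("mmr-03.example.internal", "MC", "5.1.2000.3"),
    ("mmr-04.example.internal", "ZMH", "5.2.1716"),
    ("mmr-05.example.internal", "ZMH", "5.3.10.0"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```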
With a severity score of 9.9, this is not a drill. Security teams managing Zoom Node infrastructure should treat this patch as an emergency priority.