Zoom Video Communications has issued an urgent security advisory for a critical vulnerability (identified as CVE-2026-22844 ) affecting its enterprise infrastructure.
The issue involves a command injection flaw in Zoom Node Multimedia Routers (MMR) devices, components used in Zoom Node Meetings Hybrid and Meeting Connector deployments.
With a CVSS score of 9.9 out of 10 , the bug is classified as “critical” by vulnerability assessment systems. According to published information, the flaw can be exploited by a meeting participant to execute arbitrary commands on the media router via a simple network connection.
The anomaly affects Zoom Node MMR versions prior to 5.2.1716.0 and does not require administrative privileges or physical access to the machine; simply connecting to a session using a vulnerable node is sufficient. In this scenario, an attacker could gain control of the system that handles audio and video, potentially jeopardizing the integrity of communications.
Zoom has specifically recommended that administrators immediately update affected devices to version 5.2.1716.0 or later to mitigate the risk. Update instructions are included in the official support article on managing Zoom Node updates.
Organizations using these hybrid configurations are advised to consider patching a top priority , given the potential severity and ease with which it can be exploited by users connected to a meeting.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
