44/69 Friday, January 23, 2026
Zoom has released security updates to address multiple vulnerabilities, including a critical flaw in Zoom Node Multimedia Routers (MMRs) tracked as CVE-2026-22844 with a CVSS score of 9.9. The vulnerability is a command injection issue that could allow a meeting participant with network access to execute remote code (RCE) on the MMR system.
According to the security advisory, the issue affects the Node Meeting Connector (MC) MMR module and the Node Meetings Hybrid (ZMH) MMR module in versions prior to 5.2.1716.0. Zoom strongly recommends that organizations using Zoom Node Meetings Hybrid or Meeting Connector deployments upgrade their MMRs to the latest version immediately. The vulnerability was discovered by Zoom’s Offensive Security team, and no active exploitation has been observed at this time.
Previously, Zoom addressed other critical vulnerabilities in its products. For example, in August 2025, the company fixed CVE-2025-49457 (CVSS 9.6) in Zoom Clients for Windows, which could have allowed unauthenticated attackers to escalate privileges over the network. Administrators are therefore advised to apply security patches regularly to reduce exposure to such high-risk vulnerabilities.
Source https://securityaffairs.com/187165/security/zoom-fixed-critical-node-multimedia-routers-flaw.html
