**Zoom Fixes Critical Node Multimedia Routers Flaw**

In a recent security update, video conferencing platform Zoom addressed a critical flaw in its Node Multimedia Routers (MMRs) that could have allowed attackers to execute malicious code remotely. The vulnerability, tracked as CVE-2026-22844, was identified by Zoom's Offensive Security team and has been assigned a CVSS score of 9.9, indicating high severity.

The bug is a Command Injection vulnerability, which means an attacker could potentially inject malicious commands into the system, allowing them to execute arbitrary code with elevated privileges. According to Zoom's advisory, a meeting participant could exploit this flaw by accessing the MMR over a network, effectively granting unauthorized access to the system.

"A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access," reads the advisory. "Customers that are using Zoom Node Meetings Hybrid or Meeting Connector deployments are advised to have their administrators update to the latest available MMR version."

The affected products include:

  • Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0
  • Zoom Node Meetings Hybrid or Meeting Connector deployments

Fortunately, Zoom has not reported any incidents of attacks in the wild exploiting this vulnerability. However, users are urged to update their MMRs to the latest available version as a precautionary measure.

**Related Security Updates**

In August 2025, Zoom also addressed another critical security flaw, tracked as CVE-2025-49457 (CVSS score of 9.6), in its Windows clients. This vulnerability allowed an unauthenticated user to exploit the escalation of privilege via network access.

As always, it's essential for users to stay informed about potential security threats and keep their software up-to-date to minimize the risk of exploitation. Follow us on social media to stay updated on the latest security news and alerts!

**Connect with me on:**

* Twitter: @securityaffairs * Facebook * Mastodon