January 21, 2026 By Pierluigi Paganini
Zoom addressed a critical security vulnerability, tracked as CVE-2026-22844, that could result in remote code execution.
Cloud-based video conferencing and online collaboration platform Zoom released security updates to address multiple vulnerabilities, including command injection, tracked as CVE-2026-22844 (CVSS score of 9.9), in Zoom Node Multimedia Routers (MMRs) that could result in remote code execution.
“A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.” reads the advisory. “Customers that are using Zoom Node Meetings Hybrid or Meeting Connector deployments are advised to have their administrators update to the latest available MMR version.”
The company’s Offensive Security team discovered the vulnerability.