CVE-2026-22844

9.9 CRITICAL

📋 TL;DR

A command injection vulnerability in Zoom Node Multimedia Routers allows meeting participants to execute arbitrary commands on the MMR system via network access. This enables remote code execution with the privileges of the MMR service, affecting organizations using vulnerable Zoom MMR deployments for video conferencing infrastructure.

💻 Affected Systems

Products:
  • Zoom Node Multimedia Routers (MMRs)
Versions: All versions before 5.2.1716.0
Operating Systems: Not specified - MMR is a dedicated appliance
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Zoom MMR deployments, not standard Zoom client software. MMRs are typically deployed in enterprise environments for routing Zoom meetings.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the MMR system allowing attackers to install persistent backdoors, pivot to internal networks, steal sensitive meeting data, or disrupt all Zoom meetings routed through the affected MMR.

🟠 Likely Case

Meeting participants could execute arbitrary commands to disrupt meetings, exfiltrate data, or use the MMR as a foothold for lateral movement within the network.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the MMR system itself without allowing lateral movement to other critical systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires meeting participant access, but the vulnerability is in the MMR itself, not the meeting authentication. CVSS 9.9 suggests relatively straightforward exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.2.1716.0

Vendor Advisory: https://www.zoom.com/en/trust/security-bulletin/zsb-26001

Restart Required: Yes

Instructions:

  1. Log into the Zoom MMR admin interface.
  2. Navigate to System > Software Update.
  3. Download and install version 5.2.1716.0 or later.
  4. Reboot the MMR as prompted after installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate MMR systems from critical network segments and restrict inbound connections to only necessary Zoom traffic

Access Control

all

Implement strict meeting authentication and participant verification to reduce attack surface

🧯 If You Can't Patch

  • Segment MMRs in isolated VLANs with strict firewall rules allowing only Zoom traffic
  • Implement network monitoring for unusual outbound connections from MMR systems

🔍 How to Verify

Check if Vulnerable:

Check the MMR version via the admin interface: System > About. If the version is below 5.2.1716.0, the system is vulnerable.

Check Version:

Not applicable - check via MMR web admin interface

Verify Fix Applied:

Confirm version is 5.2.1716.0 or higher in System > About after patching and reboot.
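
For fleets with more than a few MMRs, the version check above can be run over an exported inventory. The script below is an added example, not code from Zoom or from this page; the `host,version` CSV layout and the hostnames are constructed assumptions. It compares versions numerically (a plain string comparison would rank 5.2.999.4 above 5.2.1716.0) and marks unparseable values for manual review.

```python
import csv
import io

FIXED = "5.2.1716.0"  # first patched MMR version, taken from the advisory above

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if malformed."""
    parts = (text or "").strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(version_text, fixed=FIXED):
    """Classify a version string as 'vulnerable', 'patched' or 'unknown'."""
    have, want = parse_version(version_text), parse_version(fixed)
    if have is None:
        return "unknown"  # cannot decide automatically: check System > About
    # Pad the shorter tuple with zeros so "5.2" compares as 5.2.0.0.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "vulnerable" if have < want else "patched"

def triage(inventory_csv):
    """Map each host in a 'host,version' CSV export to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["version"]) for row in rows}

# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = """host,version
mmr-01.example.internal,5.2.1716.0
mmr-02.example.internal,5.2.999.4
mmr-03.example.internal,5.10.0.0
mmr-04.example.internal,5.2
mmr-05.example.internal,5.2.1716.0-beta
mmr-06.example.internal,
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}\t{status}")
```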

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in MMR logs
  • Unexpected process creation on MMR system
  • Failed authentication attempts followed by command execution

Network Indicators:

  • Unusual outbound connections from MMR to external IPs
  • Unexpected network traffic patterns from MMR during meetings

SIEM Query:

source="zoom-mmr" AND (event_type="command_execution" OR process_name NOT IN ("zoom", "mmr-service"))
