CVE-2026-22844
Unknown Unknown - Not Provided
Command Injection in Zoom MMR Enables Remote Code Execution

Publication date: 2026-01-20

Last updated on: 2026-01-20

Assigner: Zoom Video Communications, Inc.

Description
A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-20
Last Modified
2026-01-20
Generated
2026-06-16
AI Q&A
2026-01-20
EPSS Evaluated
2026-06-15
NVD
CVE-2026-22844
EUVD
EUVD-2026-3437
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
zoom node_multimedia_routers to 5.2.1716.0 (exc)
zoom node_meetings_hybrid to 5.2.1716.0 (exc)
zoom node_meeting_connector to 5.2.1716.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a critical Command Injection flaw in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0. It allows a meeting participant to execute remote code on the MMR via network access, meaning an attacker can run arbitrary commands on the affected system remotely. [1]

Impact Analysis

The vulnerability can lead to remote code execution on the affected Zoom MMR, potentially compromising the confidentiality, integrity, and availability of the system. This means an attacker could take control of the MMR, access sensitive data, disrupt services, or alter system operations. [1]

Mitigation Strategies

Administrators are strongly advised to update Zoom Node Multimedia Routers (MMRs) to version 5.2.1716.0 or later following Zoom's update management procedures to mitigate the risk of this critical Command Injection vulnerability. [1]

Compliance Impact

The vulnerability allows remote code execution on Zoom Node Multimedia Routers, potentially compromising confidentiality, integrity, and availability of data. Such a compromise could lead to violations of data protection requirements under standards like GDPR and HIPAA, which mandate safeguarding sensitive information and ensuring system security. Therefore, if exploited, this vulnerability may negatively impact compliance with these regulations by exposing protected data or disrupting secure operations. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-22844. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart