CVE-2026-22844 | THREATINT

Description

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

PUBLISHED Reserved 2026-01-12 | Published 2026-01-20 | Updated 2026-01-20 | Assigner Zoom

CRITICAL: 9.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

unaffected

Any version before 5.2.1716.0

affected

References

www.zoom.com/en/trust/security-bulletin/zsb-26001

cve.org (CVE-2026-22844)

nvd.nist.gov (CVE-2026-22844)

Download JSON