—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Command Injection Vulnerability in Zoom 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0

Zoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0

Overview

A vulnerability has been reported in Zoom Node Multimedia Router (MMR) that could be exploited by an attacker to execute arbitrary commands on the targeted system.

Target Audience:

All end-users of organizations using Zoom applications.

Risk Assessment:

High risk of remote system compromise.

Impact Assessment:

Potential for full system compromise.

Description

A vulnerability exists in Zoom Node Multimedia Router (MMR) due to an OS command injection issue.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned in the Zoom Security Bulletin.

https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

Vendor Information

Zoom

https://www.zoom.com/en/trust/security-bulletin

References

Zoom

https://www.zoom.com/en/trust/security-bulletin/zsb-26001/

CVE Name

CVE-2026-22844

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmCBeAACgkQ3jCgcSdc

ys+hPA/6AtWSPwIfGmYXg0PGTASpOCqU0hWP5/lrNSaIn5pAMnfK+pC+yY//B+as

0bS6B947kN4E4UK8p1nnkrzzx5u1+VAsq1zySE6lSGaWI+Xpv5tVe5AMdcUSeflw

9JvsfBPuXREC0lwOqHYAEs25/0+mxfrsjc1RQOgxU/4VZ2k5SemLe6ZBurm75kb+

QxuRe6VkHTM7jRt60IrwsPbMbt9dHpTGZEXJQfiwnVWeVPZAaAB/GeVQfryiPKwW

0B69H1KzS6yKnRL6zmZ0aeIA6ETkD92tyfYnnXXOYlNL8YkuAGTQN3EDxg5RoUk0

4jq6MhYUCBfW/6twN8iuYiG6fvaIViWkVl1TWr3YpBF7klmHCyz7FOJ3MOceKO1M

3lT1W4ICjqbIq7lbDHi1uwzi1TL3kJp7ayNNT1oSe6xTXorvTGDUVBHze4s2RoZl

odWEeLQ6SpP0JHfaNatP6DLfIyGipv3OhbbLiwege2QC5DpwTvBA4PD8+GUNQC1d

6kwLEs3yrcJ/rM4jzImAFRazty9jQfDWyUX7L7NMzqCmlt9n/ebqPxigil5opiIP

+xOdYBkHH5XNmLNBL7lyqTIAZ13mH9OYVXTpZh/PMVr+tZLj3K4QtmaJ2gWjk8oC

2qPg/FzWSmvo0IMGHP1eUoKQ7ytM77vt+JtQqEoZ3TNr+jSMO50=

=b6k6

—–END PGP SIGNATURE—–