CVE 9.9 CRITICAL

Zoom Node Deployments – Command Injection_CVE-2026-22844

January 20, 2026 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

AI Analysis

Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) allowing remote code execution

Basic Information

ID CVE-2026-22844

Source Zoom

Published Jan 20, 2026 at 13:57

Affected Product

Vendor Zoom Communications Inc.

Product Zoom Node

Affected Versions Zoom Communications Inc. Zoom Node 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor Zoom Communications Inc.

Product Zoom Node

Version before 5.2.1716.0

References

www.zoom.com /en/trust/security-bulletin/zsb-26001

{
    "lastseen": "",
    "description": "A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.",
    "published": "2026-01-20T13:57:44.803Z",
    "modified": "2026-01-20T13:57:44.803Z",
    "type": "cve",
    "title": "Zoom Node Deployments - Command Injection",
    "source": "Zoom",
    "references": "https://www.zoom.com/en/trust/security-bulletin/zsb-26001",
    "id": "CVE-2026-22844",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Zoom Communications Inc. Zoom Node 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Zoom Node",
    "version": "0",
    "vendor": "Zoom Communications Inc.",
    "ai_description": "Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) allowing remote code execution",
    "ai_severity": "Critical",
    "ai_vendor": "Zoom Communications Inc.",
    "ai_product": "Zoom Node",
    "ai_version": "before 5.2.1716.0",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply