Is Your Zoom Meeting Safe from the New Critical RCE Vulnerability?
A critical security flaw has been identified within the Zoom Node Multimedia Router (MMR) infrastructure. Designated as CVE-2026-22844, this vulnerability carries a near-maximum CVSS severity score of 9.9, indicating an immediate threat to organizational security.
Zoom officially released this warning on January 20, 2026, urging all administrators to verify their software versions immediately. Failure to address this issue exposes your network to remote attacks.
Understanding the Threat
The vulnerability exists in the Multimedia Router (MMR) component of Zoom Node. This component handles media traffic for meetings.
- The Mechanism: This is a command injection vulnerability. It allows an attacker to inject malicious commands into the system.
- The Vector: The attack originates from a meeting participant. An individual with network access to the meeting can exploit the MMR to execute arbitrary code remotely.
- The Impact: Remote Code Execution (RCE) means an attacker can take control of the server running the MMR. This effectively bypasses security boundaries, allowing unauthorized access to sensitive data or further network infiltration.
Recent data from security researchers at Hunter indicates significant exposure, with approximately 12,300 Zoom Node MMRs currently identified as vulnerable public-facing instances.
Affected Systems
This advisory applies specifically to organizations utilizing Zoom’s on-premises or hybrid solutions. It affects the infrastructure hosting the meetings, not standard consumer Zoom clients.
Vulnerable Products:
- Zoom Node Meetings Hybrid (ZMH) MMR module: Versions prior to 5.2.1716.0
- Zoom Node Meeting Connector (MC) MMR module: Versions prior to 5.2.1716.0
If your organization deploys either of these modules and operates on a version older than 5.2.1716.0, your infrastructure is at risk.
Remediation Strategy
Immediate patching is the only effective mitigation. Administrators must update the MMR software to version 5.2.1716.0 or higher.
Action Plan for Administrators:
- Audit: Check the current version of your deployed MMR modules.
- Update: Navigate to the Zoom Node management console.
- Execute: Follow the official protocol outlined in Zoom’s support documentation: “Managing updates for Zoom Node.”
- Verify: Confirm the update installation and ensure the version number reflects the patched release.
Refer to the official security advisory ZSB-26001 for technical specifics. Delaying this update increases the window of opportunity for threat actors actively scanning for unpatched nodes.
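The Audit and Verify steps above can be scripted against an inventory export. The following is an added example, not Zoom's tooling or code from the advisory: the CSV columns, hostnames and the OTHER module row are constructed assumptions, and only the affected module types and the 5.2.1716.0 threshold come from the text above.

```python
import csv
import io

# Fixed release named in the advisory text above.
FIXED_VERSION = (5, 2, 1716, 0)
# Deployment types the page lists as affected (ZMH and MC, MMR module only).
AFFECTED_DEPLOYMENTS = {"ZMH", "MC"}

# Constructed sample inventory; column names and hosts are hypothetical.
SAMPLE_INVENTORY = """host,deployment,module,version
node-a.example.internal,ZMH,MMR,5.2.1716.0
node-b.example.internal,MC,MMR,5.2.999.0
node-c.example.internal,ZMH,MMR,5.10.3.0
node-d.example.internal,MC,MMR,unknown
node-e.example.internal,MC,OTHER,5.1.0.0
"""

def parse_version(text):
    """Parse a dotted numeric version into a tuple of ints, or None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def _pad(version, width):
    """Right-pad with zeros so 5.2 and 5.2.0.0 compare as equal."""
    return version + (0,) * (width - len(version))

def classify(row):
    """Return 'not-affected', 'patched', 'vulnerable' or 'review' for one row."""
    if row["module"].upper() != "MMR" or row["deployment"].upper() not in AFFECTED_DEPLOYMENTS:
        return "not-affected"
    version = parse_version(row["version"])
    if version is None:
        return "review"  # unknown version: unverified, never assumed safe
    width = max(len(version), len(FIXED_VERSION))
    # Compare component by component as integers, not as strings.
    return "patched" if _pad(version, width) >= _pad(FIXED_VERSION, width) else "vulnerable"

def audit(csv_text):
    """Map each host in the inventory to its classification."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row) for row in reader}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{status:13} {host}")
```

A plain string comparison gets both node-b and node-c wrong: "5.2.999.0" sorts after "5.2.1716.0" and "5.10.3.0" sorts before it, which is why the versions are compared as integer tuples.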