OS Command Injection in Zoom Node Meetings Hybrid (ZMH) MMR module and Zoom Node Meeting Connector (MC) MMR module - CVE-2026-22844
Published: January 20, 2026
Vulnerability identifier: #VU121695
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2026-22844
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Zoom Video Communications, Inc.
Affected software:
Zoom Node Meetings Hybrid (ZMH) MMR module
Zoom Node Meeting Connector (MC) MMR module
Zoom Node Meetings Hybrid (ZMH) MMR module
Zoom Node Meeting Connector (MC) MMR module
Detailed vulnerability description
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote authenticated user can execute arbitrary OS commands on the Zoom MMR.
How to mitigate CVE-2026-22844
Install updates from vendor's website.