Full Report
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844
Analysis Summary
# Vulnerability: Critical RCE in Zoom Node Multimedia Routers (CVE-2026-22844)
This summary focuses on the critical Zoom vulnerability, drawing details from the provided advisory context, and briefly lists the associated GitLab flaws for completeness.
## CVE Details (Zoom)
- CVE ID: CVE-2026-22844
- CVSS Score: 9.9 (Critical)
- CWE: Command Injection (Implied)
## Affected Systems (Zoom)
- Products: Zoom Node Multimedia Routers (MMR), specifically within Zoom Node Meetings Hybrid (ZMH) and Zoom Node Meeting Connector (MC) deployments.
- Versions: All MMR module versions prior to 5.2.1716.0.
- Configurations: Deployments utilizing ZMH or MC MMR modules.
## Vulnerability Description (Zoom)
This is a command injection vulnerability residing in the Zoom Node Multimedia Routers (MMRs). A remote, authenticated meeting participant can send crafted network requests that allow them to execute arbitrary code on the affected MMR host.
## Exploitation (Zoom)
- Status: Not exploited in the wild (based on the provided text).
- Complexity: Not specified, but RCE stemming from network access is generally considered high severity.
- Attack Vector: Network access.
## Impact (Zoom)
- Confidentiality: High (Implied by RCE)
- Integrity: High (Implied by RCE)
- Availability: High (Implied by RCE/DoS potential)
---
### Summary of GitLab Vulnerabilities Mentioned
Zoom's advisory was published alongside several updates from GitLab addressing high and medium-severity issues:
| CVE ID | CVSS Score | Severity | Flaw Type | Affected Versions (General) |
| :--- | :--- | :--- | :--- | :--- |
| CVE-2025-13927 | 7.5 | High | DoS (Malformed Auth Data) | Before 18.6.4, 18.7.2, 18.8.2 |
| CVE-2025-13928 | 7.5 | High | DoS (Releases API Auth Bypass) | Before 18.6.4, 18.7.2, 18.8.2 |
| CVE-2026-0723 | 7.4 | High | 2FA Bypass (Forged Device Response) | Before 18.6.4, 18.7.2, 18.8.2 |
| CVE-2025-13335 | 6.5 | Medium | DoS (Malformed Wiki Documents) | N/A |
| CVE-2026-1102 | 5.3 | Medium | DoS (Repeated Malformed SSH) | N/A |
## Remediation
### Patches
- **Zoom (CVE-2026-22844):** Update the Zoom Node Multimedia Router (MMR) module to version **5.2.1716.0 or newer**.
- **GitLab:** Update to versions **18.6.4, 18.7.2, or 18.8.2** (or higher) to cover all disclosed flaws.
### Workarounds
- **Zoom (CVE-2026-22844):** No specific workarounds were detailed, but the recommendation is to update deployments using Zoom Node Meetings, Hybrid, or Meeting Connector.
## Detection
- Detection strategies for the Zoom RCE would typically involve monitoring network traffic targeting the MMR component for unusual command structures or payloads.
- For GitLab, monitoring for malformed authentication data, unusual activity against the Releases API from unauthenticated sources, and forged device responses would be relevant.
## References
- Vendor Advisory (Zoom): hxxps://www.zoom.com/en/trust/security-bulletin/zsb-26001/
- News Source: hxxps://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html