Critical RCE in Zoom Node Multimedia Routers (CVE-2026-22844)
Zoom disclosed and patched a critical command-injection vulnerability in Zoom Node Multimedia Routers (MMRs) that could allow remote code execution by a meeting participant over network access. The issue, tracked as CVE-2026-22844 with a CVSS 9.9, affects Zoom Node MMR modules prior to version 5.2.1716.0; Zoom advised customers running Zoom Node Meetings Hybrid (ZMH) and Zoom Node Meeting Connector (MC) deployments to update to 5.2.1716.0 or later. Zoom stated it has no evidence of in-the-wild exploitation at the time of disclosure.
Separately, GitLab released fixes for multiple high-severity vulnerabilities in GitLab CE/EE, including issues that could enable denial-of-service (DoS) and a two-factor authentication (2FA) bypass (e.g., CVE-2025-13927 and CVE-2025-13928, both CVSS 7.5, affecting broad version ranges). While reported alongside the Zoom update in one source, the GitLab items represent a distinct patch set and are not part of the Zoom MMR vulnerability event.
Related Entities
Vulnerabilities
Organizations
Sources
Related Stories
Zoom Windows Client Vulnerabilities Including Critical Privilege Escalation
Zoom published security advisories on March 10, 2026 addressing multiple vulnerabilities affecting Windows components, including *Zoom Workplace for Windows*, *Zoom Meeting SDK for Windows*, *Zoom Rooms for Windows*, and the *Zoom Workplace VDI Client for Windows*. The Canadian Centre for Cyber Security advisory **AV26-231** urged organizations to review Zoom’s bulletins and apply updates, noting issues spanning **external control of file name or path**, **improper privilege management**, **improper input validation**, and an **improper check** condition across the affected Windows products and versions. Reporting on the same Zoom bulletin set, one write-up highlighted four Windows-side flaws ranging from **High to Critical** severity, including a **Critical** issue in the Zoom Workplace for Windows Mail feature tracked as **CVE-2026-30903 (ZSB-26005)**, described as an *External Control of File Name or Path* weakness that could enable **unauthenticated remote privilege escalation**. The additional disclosed issues were described as **CVE-2026-30902 (ZSB-26004)** affecting Zoom Clients for Windows (*Improper Privilege Management*), **CVE-2026-30901 (ZSB-26003)** affecting Zoom Rooms for Windows (*Improper Input Validation*), and **CVE-2026-30900 (ZSB-26002)** affecting Zoom Workplace Clients for Windows (*Improper Check*), with remediation requiring upgrading to fixed releases per Zoom’s advisories.
5 days ago
Multiple Actively Exploited Vulnerabilities and Social-Engineering Breaches Reported Across Zoom, SmarterMail, Vite, and Appsmith
Several vendors and security trackers reported **high-impact vulnerabilities** with exploitation risk, alongside separate **social-engineering-driven breaches**. Zoom disclosed a **command injection** issue in Zoom Node Multimedia Routers (MMRs) used in certain hybrid meeting environments, tracked as **CVE-2026-22844** (reported with a high technical severity), which could allow meeting participants to execute arbitrary code; administrators were advised to update to *Zoom* version **5.2.1716.0**. SmarterTools reported a critical **authentication bypass** in *SmarterMail* (**CVE-2026-23760**) that could allow unauthenticated attackers to reset admin passwords via the `force-reset-password` API endpoint and potentially reach OS command execution and full remote code execution; mitigations included upgrading to **Build 9511**, resetting admin passwords, and enabling MFA. Separately, *Vite* was reported as affected by an **improper access control** flaw (**CVE-2025-31125**) enabling exposure of sensitive files by bypassing `server.fs.deny` protections using crafted query parameters (e.g., `?inline&import` or `?raw&import`); the issue was noted as being exploited in the wild and added to the **CISA Known Exploited Vulnerabilities** catalog. SC Media also reported active exploitation of an *Appsmith* **authentication flaw** (**CVE-2026-22794**) tied to the password reset flow, enabling account takeover by leaking reset tokens; defenders were urged to upgrade to **Appsmith 1.93**, which tightens Origin header validation and trusted base URL enforcement. In parallel to these vulnerability-driven risks, the Canadian Investment Regulatory Organization (**CIRO**) disclosed a **phishing-led breach** affecting ~**750,000** investors with exposure of highly sensitive identifiers (including social insurance numbers and investment information), while Betterment confirmed **unauthorized access via social engineering** that exposed customer contact/identity data and was used to send fraudulent cryptocurrency-scam notifications to users.
1 months ago
Active Exploitation of Cisco Unified Communications RCE (CVE-2026-20045)
Cisco released fixes for a **critical remote code execution** vulnerability in Unified Communications and *Webex Calling Dedicated Instance*, tracked as **CVE-2026-20045**, after it was **actively exploited as a zero-day**. The issue stems from **improper validation of user-supplied input in HTTP requests** to the web-based management interface; successful exploitation can provide **user-level OS access** and enable **privilege escalation to root**. Affected products include **Cisco Unified Communications Manager (Unified CM)**, **Unified CM Session Management Edition (SME)**, **Unified CM IM & Presence**, **Cisco Unity Connection**, and **Webex Calling Dedicated Instance**; Cisco provided version-specific remediations including fixed releases and `.cop` patch files (e.g., `ciscocm.V14SU4a_CSCwr21851_remote_code_v1.cop.sha512`). CISA added **CVE-2026-20045** to its **Known Exploited Vulnerabilities (KEV) Catalog**, citing evidence of active exploitation and highlighting code injection flaws as a common attack vector with significant risk to the federal enterprise. Under **Binding Operational Directive (BOD) 22-01**, Federal Civilian Executive Branch agencies are required to remediate KEV-listed vulnerabilities by the specified due date, and CISA urged all organizations to similarly prioritize patching to reduce exposure to ongoing attacks.
1 months ago