
"The vulnerability, tracked as CVE-2026-22844 and discovered internally by its Offensive Security team, carries a CVSS score of 9.9 out of 10.0. 'A command injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access,' the company noted in a Tuesday alert."
"The disclosure comes as GitLab released fixes for multiple high-severity flaws affecting its Community Edition (CE) and Enterprise Edition (EE) that could result in DoS and a bypass of two-factor authentication (2FA) protections. The shortcomings are listed below - CVE-2025-13927 (CVSS score: 7.5) - A vulnerability that could allow an unauthenticated user to create a DoS condition by sending crafted requests with malformed authentication data (Affects all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2)"
Zoom Node Multimedia Routers (MMRs) contain a command injection vulnerability (CVE-2026-22844, CVSS 9.9) that may allow a meeting participant to execute code on the MMR via network access. Affected MMR module versions are those prior to 5.2.1716.0 for Zoom Node Meetings Hybrid and Meeting Connector deployments. Zoom recommends updating MMRs to the latest available version and reports no evidence of in-the-wild exploitation. GitLab released patches addressing multiple high-severity flaws, including CVE-2025-13927 and CVE-2025-13928 (CVSS 7.5), which can cause denial-of-service conditions and may enable bypasses of two-factor authentication in affected CE and EE versions.
Read at The Hacker News