Are you making video calls on Zoom? The Indian government has issued a new high-risk security alert for Zoom users after the Indian Computer Emergency Response Team (CERT-In) identified a critical vulnerability on February 2, 2026. According to the advisory, hackers could exploit the flaw to remotely send malicious commands to affected systems, potentially allowing them to take full control, just like a legitimate user.
The core of the problem lies in the Zoom Node Multimedia Router (MMR), which handles audio and video traffic in large or hybrid meeting setups. CERT-In said the vulnerability impacts Zoom Node Meetings, Hybrid and Zoom Node Meeting Connector modules running on versions older than 5.2.1716.0. "The flaw could allow a remote attacker to run malicious commands on affected systems, potentially taking full control," the cybersecurity agency said.
Zoom’s own security bulletin paints an even grimmer picture. The US-based video conferencing application has rated the flaw as 'Critical; with a CVSS score of 9.9 out of 10, which places it among the most dangerous categories of software vulnerabilities. Tracked as CVE-2026-22844, the issue could allow a meeting participant to execute arbitrary code on the server through network access.
Simply put, a person attending a meeting could exploit this weakness to compromise the entire backend system. This might result in data breaches, the deployment of ransomware, service disruptions, or even more serious problems, all while the meeting appears to continue normally.
CERT-In warned that the flaw could lead to complete system compromise, posing a serious risk for organisations using Zoom for internal, hybrid, or sensitive meetings. While personal devices are not directly affected, IT teams must act quickly. Administrators are urged to upgrade to version 5.2.1716.0 or later, as delaying updates increases the risk of attack. Users unsure about their organisation’s Zoom setup should alert their IT teams immediately.