Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution. The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844
AI Analysis
Technical Summary
This security advisory covers multiple critical and high-severity vulnerabilities recently patched by Zoom and GitLab.

The most critical issue is CVE-2026-22844, a command injection vulnerability in Zoom Node Multimedia Routers (MMRs) prior to version 5.2.1716.0. This flaw allows a meeting participant, via network access, to execute arbitrary code on the MMR device, which is a core component in Zoom’s hybrid and meeting connector deployments. Exploitation could lead to full compromise of the MMR, enabling attackers to disrupt meetings, intercept communications, or pivot into internal networks. The vulnerability was discovered internally by Zoom’s Offensive Security team and carries a CVSS score of 9.9, indicating critical severity. Zoom strongly recommends updating affected MMR modules immediately.

GitLab disclosed multiple high-severity vulnerabilities affecting its Community and Enterprise Editions. CVE-2025-13927 and CVE-2025-13928 are unauthenticated DoS vulnerabilities exploitable via malformed authentication data and incorrect authorization in the Releases API, respectively. CVE-2026-0723 is a 2FA bypass vulnerability allowing attackers with knowledge of a victim’s credential ID to forge device responses and bypass two-factor authentication protections. These flaws affect a broad range of GitLab versions from 11.9 up to versions prior to 18.6.4, 18.7.2, and 18.8.2. Additional medium-severity DoS vulnerabilities (CVE-2025-13335 and CVE-2026-1102) were also patched. No active exploitation has been reported for these GitLab vulnerabilities.

Together, these vulnerabilities impact critical collaboration and development infrastructure, potentially allowing attackers to disrupt services, bypass security controls, and execute arbitrary code remotely. The combination of remote code execution, DoS, and authentication bypass vulnerabilities is a significant threat that requires immediate remediation.
Potential Impact
For European organizations, the impact of these vulnerabilities is substantial due to the widespread adoption of Zoom for remote collaboration and GitLab for software development and DevOps workflows. Exploitation of the Zoom MMR RCE vulnerability could allow malicious meeting participants to gain control over core meeting infrastructure, leading to potential eavesdropping, meeting disruption, or lateral movement within corporate networks. This threatens confidentiality and availability of sensitive communications and business operations. GitLab’s DoS vulnerabilities could disrupt development pipelines and continuous integration/continuous deployment (CI/CD) processes, causing operational downtime and productivity loss. The 2FA bypass vulnerability undermines an important layer of authentication security, increasing the risk of unauthorized access to source code repositories and sensitive project data. This could lead to intellectual property theft, supply chain compromise, or insertion of malicious code. Given the critical nature of these platforms in European enterprises, government agencies, and critical infrastructure sectors, successful exploitation could have cascading effects on business continuity, data integrity, and regulatory compliance (e.g., GDPR). The absence of known exploitation in the wild provides a window for proactive patching, but the severity and ease of exploitation warrant urgent action.
Mitigation Recommendations
1. Immediate patching: Organizations must prioritize updating Zoom Node Multimedia Routers to version 5.2.1716.0 or later to remediate the critical RCE vulnerability. Similarly, all affected GitLab instances should be upgraded to the fixed versions (18.6.4, 18.7.2, 18.8.2 or later) as soon as possible.
2. Network segmentation: Restrict network access to Zoom MMR devices to trusted users and networks only, minimizing exposure to untrusted meeting participants.
3. Monitoring and logging: Enable detailed logging and monitor for unusual activity on Zoom MMR devices and GitLab servers, including failed authentication attempts, abnormal API requests, and unexpected process executions.
4. Access controls: Review and tighten access permissions on GitLab repositories and administrative interfaces to limit potential damage from compromised accounts.
5. 2FA enforcement: After patching, enforce strong two-factor authentication policies and educate users on phishing and credential security to reduce risk of credential compromise.
6. Incident response readiness: Prepare to respond to potential exploitation attempts by having forensic and remediation procedures in place.
7. Vendor communication: Stay informed through official Zoom and GitLab channels for any updates or additional mitigations.

These steps go beyond generic advice by focusing on immediate patch deployment, network-level protections, and operational monitoring tailored to the specific vulnerabilities.
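The patching recommendation can be applied to an asset inventory with a version check like the following. This is an added example, not code from Zoom, GitLab or the source article; it uses only the fixed versions stated above, and the function names, hostnames and inventory entries are constructed. Treating GitLab branches newer than 18.8 as fixed is an assumption.

```python
import re

# Fixed releases as stated in the advisory text above.
GITLAB_FIXED = {(18, 6): 4, (18, 7): 2, (18, 8): 2}  # branch -> first fixed patch
GITLAB_RANGE_START = (11, 9, 0)                       # oldest version listed
ZOOM_MMR_FIXED = (5, 2, 1716, 0)

def parse_version(text, width):
    """Return the leading dotted version as a tuple, ignoring suffixes like '-ee'."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(n) for n in m.group(1).split(".")][:width]
    return tuple(nums + [0] * (width - len(nums)))

def gitlab_status(version):
    v = parse_version(version, 3)
    if v < GITLAB_RANGE_START:
        return "outside-listed-range"
    branch = v[:2]
    if branch in GITLAB_FIXED:
        return "patched" if v[2] >= GITLAB_FIXED[branch] else "vulnerable"
    # Assumption: branches newer than 18.8 carry the fixes; older ones have none listed.
    return "patched" if branch > max(GITLAB_FIXED) else "vulnerable"

def zoom_mmr_status(version):
    return "patched" if parse_version(version, 4) >= ZOOM_MMR_FIXED else "vulnerable"

CHECKS = {"gitlab": gitlab_status, "zoom-mmr": zoom_mmr_status}

def triage(inventory):
    """Return (host, product, version) for every asset that still needs the update."""
    return [(h, p, v) for h, p, v in inventory if CHECKS[p](v) == "vulnerable"]

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("git-prod.example.internal", "gitlab", "18.6.3-ee"),
    ("git-stage.example.internal", "gitlab", "18.7.2"),
    ("git-legacy.example.internal", "gitlab", "17.11.5"),
    ("mmr-01.example.internal", "zoom-mmr", "5.2.1715.0"),
    ("mmr-02.example.internal", "zoom-mmr", "5.2.1716.0"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"UPDATE NEEDED  {host:30} {product:9} {version}")
```

A GitLab instance on a branch older than 18.6 is reported as vulnerable because the text lists no fixed patch for those branches; it has to move to one of the fixed branches.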
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Article Source: https://thehackernews.com/2026/01/zoom-and-gitlab-release-security.html (fetched 2026-01-21T20:49:05.358Z, word count 976)
Threat ID: 69713bc44623b1157ceb8991
Added to database: 1/21/2026, 8:49:08 PM
Last enriched: 1/21/2026, 8:49:53 PM
Last updated: 1/24/2026, 7:28:51 AM