Zoom and GitLab have released critical security updates to address several vulnerabilities that could lead to remote code execution (RCE) and denial-of-service (DoS) attacks. The most severe vulnerability, tracked as CVE-2026-22844 with a CVSS score of 9.9, affects Zoom Node Multimedia Routers (MMRs). This command injection flaw could allow a meeting participant to execute malicious code remotely via network access, specifically impacting Hybrid and Meeting Connector deployments.
Simultaneously, GitLab has patched multiple high-severity vulnerabilities in its Community and Enterprise Editions. These include CVE-2025-13927 and CVE-2025-13928, which allow unauthenticated users to trigger DoS conditions through malformed requests. Additionally, GitLab addressed CVE-2026-0723, a flaw that permits attackers to bypass two-factor authentication (2FA) by forging device responses if they possess a victim's credential ID. Organizations are urged to update their instances to the latest versions immediately.