Zoom and GitLab have rolled out security updates to address a series of vulnerabilities that could expose affected systems to denial of service conditions and, in some cases, remote code execution. The disclosures highlight the ongoing security challenges faced by widely used collaboration and development platforms and underline the importance of timely patching. Both companies have confirmed that the issues were identified through internal reviews and responsible disclosure processes, and users have been urged to apply the latest updates to reduce potential risk.
The most serious issue disclosed affects Zoom Node Multimedia Routers (MMR), where a critical command injection vulnerability could allow a meeting participant to execute arbitrary code on the affected system. The flaw, tracked as CVE-2026-22844, carries a CVSS score of 9.9 out of 10.0. According to Zoom, it affects the Zoom Node Meetings Hybrid and Zoom Node Meeting Connector MMR modules in versions earlier than 5.2.1716.0, so the fix is to move those modules to 5.2.1716.0 or later. The vulnerability was discovered internally by Zoom’s Offensive Security team and is exploitable over the network from within a meeting, so the attacker needs only to be a participant in a meeting handled by an affected MMR. Because Zoom Node runs on customer-managed infrastructure, this is not an update Zoom can roll out on the customer’s behalf: administrators running Zoom Node Meetings Hybrid or Meeting Connector deployments need to update the MMR module themselves. Zoom also stated that it has no evidence the flaw has been exploited in real world attacks.
Alongside Zoom’s advisory, GitLab has released fixes for several high severity vulnerabilities affecting both its Community Edition and Enterprise Edition. The issues could allow attackers to trigger denial of service conditions or, in one case, bypass two factor authentication. CVE-2025-13927, with a CVSS score of 7.5, lets an unauthenticated user cause a denial of service by sending crafted requests containing malformed authentication data. CVE-2025-13928, also rated 7.5, affects the Releases API and can likewise be abused by unauthenticated users to disrupt service availability. Both issues affect GitLab versions from 11.9 up to, but not including, the patched releases in the 18.6, 18.7 and 18.8 branches, so a self-managed instance on any release in that range remains exposed until it is upgraded to the patched version of its branch.
GitLab also addressed a high severity authentication related flaw tracked as CVE-2026-0723, which carries a CVSS score of 7.4. This vulnerability could allow an attacker with prior knowledge of a victim’s credential ID to bypass two factor authentication by submitting forged device responses. In addition to the high severity issues, GitLab patched two medium severity vulnerabilities that could also lead to denial of service scenarios. These include CVE-2025-13335, which involves malformed Wiki documents that bypass cycle detection, and CVE-2026-1102, which could be exploited by sending repeated malformed SSH authentication requests. GitLab has urged administrators to review the affected versions and apply the recommended updates promptly to maintain the integrity and availability of their environments.
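The bypass described for CVE-2026-0723 is an instance of a general failure mode in second-factor checks: a device response is trusted for the wrong reason, so an attacker who knows a public identifier (here the credential ID) can submit a response the server never actually authenticates. The advisory text above does not describe GitLab’s code path, so the following is an added illustration, not GitLab’s code, written in Go to stay on the standard library. It shows a simplified WebAuthn-style assertion check in two forms: a weak verifier that accepts any response whose credential ID matches an enrolled one, and a strict verifier that additionally requires the signature to verify under the public key enrolled for that ID and binds the response to the challenge issued for this login, the relying party and the origin. The relying-party name, origin, credential ID and the authenticator data layout (rpIdHash, flags, counter) are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed relying-party identity for this example; not GitLab's real configuration.
const rpID, origin = "gitlab.example", "https://gitlab.example"

// StoredCredential is what the server keeps for each enrolled second-factor device.
type StoredCredential struct {
	ID        []byte
	PublicKey *ecdsa.PublicKey
}

// AssertionResponse is a simplified WebAuthn assertion as returned by a device.
type AssertionResponse struct {
	CredentialID      []byte
	AuthenticatorData []byte // rpIdHash(32) || flags(1) || signCount(4)
	ClientDataJSON    []byte // {"type","challenge","origin"}
	Signature         []byte // ASN.1 ECDSA over SHA-256(authData || SHA-256(clientDataJSON))
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// signedDigest is the value an ES256 authenticator signs.
func signedDigest(authData, clientDataJSON []byte) []byte {
	cdh := sha256.Sum256(clientDataJSON)
	h := sha256.Sum256(append(append([]byte(nil), authData...), cdh[:]...))
	return h[:]
}

// makeResponse plays the device: anyone with some private key can build one, but only the enrolled key signs acceptably.
func makeResponse(priv *ecdsa.PrivateKey, credID, challenge []byte) *AssertionResponse {
	rp := sha256.Sum256([]byte(rpID))
	authData := append(append([]byte(nil), rp[:]...), 0x01, 0, 0, 0, 0) // 0x01 = user-present flag, counter 0
	cd := must(json.Marshal(map[string]string{"type": "webauthn.get",
		"challenge": base64.RawURLEncoding.EncodeToString(challenge), "origin": origin}))
	sig := must(ecdsa.SignASN1(rand.Reader, priv, signedDigest(authData, cd)))
	return &AssertionResponse{credID, authData, cd, sig}
}

// weakVerify is the anti-pattern: a matching credential ID is treated as proof of the device.
func weakVerify(cred *StoredCredential, resp *AssertionResponse) bool {
	return subtle.ConstantTimeCompare(cred.ID, resp.CredentialID) == 1
}

// strictVerify binds the response to the enrolled public key, this login's challenge, the RP and the origin.
func strictVerify(cred *StoredCredential, resp *AssertionResponse, challenge []byte) error {
	if !weakVerify(cred, resp) { // necessary, but nowhere near sufficient
		return errors.New("unknown credential ID")
	}
	rp := sha256.Sum256([]byte(rpID))
	if len(resp.AuthenticatorData) < 37 || string(resp.AuthenticatorData[:32]) != string(rp[:]) ||
		resp.AuthenticatorData[32]&0x01 == 0 {
		return errors.New("bad authenticator data: wrong relying party or user not present")
	}
	var cd map[string]string
	if err := json.Unmarshal(resp.ClientDataJSON, &cd); err != nil || cd["type"] != "webauthn.get" ||
		cd["origin"] != origin || cd["challenge"] != base64.RawURLEncoding.EncodeToString(challenge) {
		return errors.New("client data does not match the challenge issued for this login")
	}
	// The check the weak verifier skips: the signature must verify under the key enrolled for this ID.
	if !ecdsa.VerifyASN1(cred.PublicKey, signedDigest(resp.AuthenticatorData, resp.ClientDataJSON), resp.Signature) {
		return errors.New("signature does not verify under the enrolled public key")
	}
	return nil
}

// Demo enrols a genuine device, then has an attacker who knows only the credential ID submit a forgery; returns each verdict.
func Demo() (weakAcceptsForgery bool, forgedErr, staleErr, genuineErr error) {
	device := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	credID := []byte("constructed-credential-id-0001") // constructed; real IDs are random bytes from the device
	cred := &StoredCredential{ID: credID, PublicKey: &device.PublicKey}
	challenge := make([]byte, 32)
	must(rand.Read(challenge))
	attacker := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) // has the ID, not the device's key
	forged := makeResponse(attacker, credID, challenge)
	weakAcceptsForgery = weakVerify(cred, forged)
	forgedErr = strictVerify(cred, forged, challenge)
	staleErr = strictVerify(cred, makeResponse(device, credID, []byte("stale-challenge")), challenge) // replayed
	genuineErr = strictVerify(cred, makeResponse(device, credID, challenge), challenge)
	return
}

func main() {
	weak, forgedErr, staleErr, genuineErr := Demo()
	fmt.Printf("weak accepts forgery: %v\nstrict on forgery: %v\nstrict on replay: %v\nstrict on genuine: %v\n",
		weak, forgedErr, staleErr, genuineErr)
}
```

Running it shows the weak verifier accepting the attacker’s response while the strict verifier rejects both the forgery (signature does not verify under the enrolled key) and a genuine device’s answer to an old challenge (client data mismatch), and accepts only the genuine response to the current challenge. Two points worth taking from the strict path: the credential ID lookup only selects which public key to check against, it proves nothing by itself; and the challenge must be compared against the one the server issued for this specific login attempt, otherwise a captured response can be replayed.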
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.