Zoom On-Premise Deployments: Improper Access Control Vulnerability
Description
Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Improper access control in Zoom On-Premise Meeting Connector MMR before 4.8.129.20220714 lets attackers join meetings invisibly, bypass waiting rooms, and become host.
Vulnerability
The Zoom On-Premise Meeting Connector MMR component before version 4.8.129.20220714 contains an improper access control vulnerability [1]. This flaw allows a malicious actor to perform unauthorized actions within a meeting they are otherwise authorized to join.
Exploitation
An attacker who is authorized to join a meeting (e.g., has valid credentials or a meeting link) can exploit the access control weakness. The attacker can join the meeting without appearing to other participants, admit themselves from the waiting room, and escalate privileges to become the host, enabling further meeting disruptions.
Impact
Successful exploitation grants the attacker the ability to join meetings invisibly, bypass waiting room restrictions, gain host privileges, and cause disruptions such as removing participants or altering meeting settings. This compromises the integrity and availability of the meeting and may lead to unauthorized information disclosure.
Mitigation
Upgrade to Zoom On-Premise Meeting Connector MMR version 4.8.129.20220714 or later [1]. No workarounds are documented; applying the update is the recommended action.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 4.8.129.20220714
- Range: unspecified
Patches
No patches discovered yet.
References
- explore.zoom.us/en/trust/security/security-bulletin/ (mitre, x_refsource_MISC)