Indian Government Flags Critical Zoom Security Flaw, Enterprise Users Urged to Update Immediately

Businesses relying on Zoom for everyday meetings and collaboration have been put on alert after the Indian government identified a serious security vulnerability that could expose enterprise networks to cyberattacks.

The Indian Computer Emergency Response Team (CERT-In) issued a fresh advisory on February 2, 2026, cautioning companies about a critical flaw affecting specific enterprise versions of Zoom’s infrastructure. The issue reportedly involves a command injection weakness that attackers could exploit to bypass built-in security protections and gain unauthorised control over targeted systems.

Zoom became a household name during the pandemic, powering remote work, virtual classrooms, and online events. Even today, many organisations continue to depend heavily on the platform for internal communication and client interactions. That widespread adoption makes any security risk particularly concerning for businesses that manage sensitive information.

According to the official advisory, the vulnerability is tied to Zoom’s multimedia routing components used within corporate networks. These modules help manage and optimise meeting traffic but may also create an opening for cybercriminals if left unpatched.

“A vulnerability exists in Zoom Node Multimedia Router (MMR) due to an OS command injection issue," the alert notifies.

This type of flaw can allow malicious actors to execute unauthorised commands on affected systems. In practical terms, attackers could potentially tamper with application integrity, escalate privileges, or even crash services altogether.

The agency further suggests that the Zoom security issues could make it high risk for businesses using Zoom applications across platforms. “Successful exploitation of these vulnerabilities could allow an attacker to affect the integrity of the app, gain elevated privileges or cause denial of service conditions on the targeted system."

Security experts say such risks are especially serious for organisations where Zoom is integrated into internal networks or connected with other enterprise systems. A breach could result not just in disrupted meetings but also data theft or wider system compromise.

CERT-In has identified the following affected versions:

Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0

Zoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0

Businesses using these versions are strongly advised to update immediately to the latest releases provided by Zoom. IT administrators should also review access controls, monitor unusual activity, and ensure systems are regularly patched to reduce exposure.

While everyday personal users may not face the same level of risk, enterprise and business environments should treat this alert with urgency. Prompt updates and basic cybersecurity hygiene could make the difference between safe operations and a costly breach.

In an era where digital meetings power critical work, staying secure is just as important as staying connected.