{"id":180341,"date":"2026-01-21T10:42:00","date_gmt":"2026-01-21T15:42:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/21\/zoom-and-gitlab-release-security-updates-fixing-rce-dos-and-2fa-bypass-flaws\/"},"modified":"2026-01-21T13:10:11","modified_gmt":"2026-01-21T18:10:11","slug":"zoom-and-gitlab-release-security-updates-fixing-rce-dos-and-2fa-bypass-flaws","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/01\/21\/zoom-and-gitlab-release-security-updates-fixing-rce-dos-and-2fa-bypass-flaws\/","title":{"rendered":"Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/zoom-and-gitlab-release-security.html\">Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/01\/zoom-and-gitlab-release-security.html\">https:\/\/thehackernews.com\/2026\/01\/zoom-and-gitlab-release-security.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-01-21 10:42:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.<br \/>\n\ue804Ravie Lakshmanan\ue802Jan 21, 2026Vulnerability \/ Network Security<\/p>\n<p>Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.<br \/>\nThe most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844 and discovered internally by its Offensive Security team, carries a CVSS score of 9.9 out of 10.0.<br \/>\n&#8220;A command injection vulnerability in Zoom Node Multimedia Routers (MMRs) before version 5.2.1716.0 may allow a meeting participant to conduct remote code execution of the MMR via network access,&#8221; the company noted in a Tuesday alert.<br \/>\nZoom is recommending that customers using Zoom Node Meetings, Hybrid, or Meeting Connector deployments update to the latest available MMR version to safeguard against any potential threat.<\/p>\n<p>There is no evidence that the security flaw has been exploited in the wild. The vulnerability affects the following versions &#8211;<\/p>\n<p>Zoom Node Meetings Hybrid (ZMH) MMR module versions prior to 5.2.1716.0<br \/>\nZoom Node Meeting Connector (MC) MMR module versions prior to 5.2.1716.0<\/p>\n<p>GitLab Releases Patches for Severe Flaws<br \/>\nThe disclosure comes as GitLab released fixes for multiple high-severity flaws affecting its Community Edition (CE) and Enterprise Edition (EE) that could result in DoS and a bypass of two-factor authentication (2FA) protections. The shortcomings are listed below &#8211;<\/p>\n<p>CVE-2025-13927 (CVSS score: 7.5) &#8211; A vulnerability that could allow an unauthenticated user to create a DoS condition by sending crafted requests with malformed authentication data (Affects all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2)<br \/>\nCVE-2025-13928 (CVSS score: 7.5) &#8211; An incorrect authorization vulnerability in the Releases API that could allow an unauthenticated user to cause a DoS condition (Affects all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2)<br \/>\nCVE-2026-0723 (CVSS score: 7.4) &#8211; A vulnerability that could allow an individual with existing knowledge of a victim&#8217;s credential ID to bypass 2FA by submitting forged device responses (Affects all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 )<\/p>\n<p>Also remediated by GitLab are two other medium-severity bugs that could also trigger a DoS condition (CVE-2025-13335, CVSS score: 6.5, and CVE-2026-1102, CVSS score: 5.3) by configuring malformed Wiki documents that bypass cycle detection and sending repeated malformed SSH authentication requests, respectively.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws https:\/\/thehackernews.com\/2026\/01\/zoom-and-gitlab-release-security.html Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":180342,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiwPQt59QKpm9rpNLriqoUsKPzbWcBj9P-u1ZdIn5xhxR6hgRztxdSAXN5bgEnDvd4uEEBgW4Imr_g-__YN0NY3-vLa_vEuYIwRzlrnRF3s0Vz8wDb937XfoxDbpPFapWvz0wH5TO2rK-32zQ2WLv8_loqE9rZIn_x5RzgtTyxrOQcUN-POOgDziDZNngjf\/s1600-e365\/zoom-gitlab.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[29,27],"class_list":["post-180341","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180341"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=180341"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180341\/revisions"}],"predecessor-version":[{"id":180343,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/180341\/revisions\/180343"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/180342"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=180341"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=180341"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=180341"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}