Mitel Product Security Advisory MISA-2026-0004
Linux Kernel Local Privilege Escalation Vulnerabilities "Dirty Frag" (CVE-2026-43284, CVE-2026-43500)
Advisory ID: MISA-2026-0004
Publish Date: 2026-05-28
Last Updated: 2026-05-29
Revision: 2.0
Summary
In May 2026, two local privilege escalation vulnerabilities in the Linux kernel were publicly disclosed.
CVE-2026-43284 is a local privilege escalation vulnerability in the ESP-in-UDP packet handling (xfrm/esp) component of the kernel of multiple major Linux distributions. It is caused by missing SKBFL_SHARED_FRAG flags during UDP page splicing, which forces incorrect in-place decryption over shared data. If successfully exploited, it could allow an authenticated attacker with local access to a vulnerable system to conduct a local privilege escalation or denial-of-service attack. The vulnerability severity is rated as high, based on the assessment provided in the CVE record.
CVE-2026-43500 is a local privilege escalation vulnerability in the rxrpc network protocol implementation (DATA/RESPONSE packet handler) of the kernel of multiple major Linux distributions. It is caused by a failure to unshare uncloned packets with external fragments, which allows in-place decryption to modify shared memory. If successfully exploited, it could allow an authenticated attacker with local access to a vulnerable system to conduct a local privilege escalation or denial-of-service attack. The vulnerability severity is rated as high, based on the assessment provided in the CVE record.
Affected Products and Solutions
Mitel is actively investigating the impact of CVE-2026-43284 and CVE-2026-43500 on Mitel software and hardware appliances that ship with an embedded Linux operating system or Linux kernel. Mitel will provide updates as more information becomes available.
For Mitel applications installed on a Linux operating system that is not embedded within the product, Mitel does not provide guidance for the operating system, and customers should follow the instructions of the Linux operating system provider. Mitel will not deliver updates for these Linux operating systems.
Windows-based products are not affected by these vulnerabilities. No action is required for systems running on Microsoft Windows.
Product statements apply only to supported product versions. Products that have reached End of Support status are not considered.
This security advisory provides information on the following products:
Platforms, Solutions and Gateways:
| Product Name | Status | Version(s) Affected | Solution / Mitigation |
|---|---|---|---|
| Mitel Standard Linux | Affected | 12.x | |
| MiVoice 5000 | Affected | 8.x | See KB article: KB000127880 |
| MiVoice Border Gateway | Affected | 11.6.x, 12.x | |
| MiVoice Business | Affected | 10.1.x to 10.5.x | MXeIII, CXII, AX and SMBC platforms are not affected. |
| MiVoice Business Solution Virtual Instance | Affected | 2.x | |
| MiVoice MX-ONE | Affected | 7.3 to 7.8 and 8.x | See KB article: KB000127880 |
| Mitel SMB Controller | Not Affected | | |
| Mitel AG41xx Analog Gateways | Not Affected | | |
| Mitel EX Controller and Mitel GX Gateway | Not Affected | | |
| OpenScape 4000 | Affected | V10 R1.x, V11 R0.22, V11 R1.26 | See KB article: KB000127880 |
| OpenScape Branch | Affected | V10.3 and V11.x | See KB article: KB000127880 |
| OpenScape Business X | Not Affected | | |
| OpenScape SBC | Affected | V10.3 and V11.x | See KB article: KB000127880 |
| OpenScape Voice Server | Affected | V9R3 JITC, V10, V11 | See KB article: KB000127880 |
Applications:
| Product Name | Status | Version(s) Affected | Solution / Mitigation |
|---|---|---|---|
| MiCollab | Affected | 10.x | See KB article: KB000127880 |
| MiCloud Management Portal | Affected | 6.3.x | |
| Mitel Open Integration Gateway | Affected | 4.3.x | |
| Mitel Performance Analytics | Affected | MPA 3.6x | See KB article: KB000127880 |
| OpenScape Alarm Response | Not Affected | | |
| OpenScape UC Application | Not Affected | V11 is not affected; V10: apply OS update | |
| OpenScape Contact Media Service (used by Mitel CX and OpenScape Contact Center) | Affected | V12Rx | See KB article: KB000127880 |
Devices:
| Product Name | Status | Version(s) Affected | Solution / Mitigation |
|---|---|---|---|
| Mitel 6800 IP Phone Series | Not Affected | | |
| Mitel 6900 IP Phone Series | Not Affected | | |
| Mitel 5634 Wi-Fi Phone | Not Affected | | |
| Mitel IP-DECT | Not Affected | | |
| Mitel RFP12/RFP14 DECT | Not Affected | | |
| Mitel SIP DECT | Affected | 9.1, 9.2, 10.0, 10.1 | See KB article: KB000127880 |
| Mitel TA7100 Series | Not Affected | | |
| OpenScape Cordless | Investigating | | |
| OpenScape DECT Phone | Not Affected | | |
| OpenScape Desk Phones CP | Investigating | | |
| OpenScape Endpoint Management | Investigating | | |
| OpenScape WLAN Phone | Not Affected | | |
| OpenScape Xpert Clients 6010P | Affected | V7, V8 | See KB article: KB000127880 |
This section will be updated as Mitel’s investigation continues.
Vulnerability Severity
Both vulnerabilities are rated as high severity, based on the assessment provided in the CVE records.
| CVE ID | Severity / CVSS 3.1 Base Score | CVSS 3.1 Vector |
|---|---|---|
| CVE-2026-43284 | High / 7.8 | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| CVE-2026-43500 | High / 7.8 | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Solution / Recommended Action
Mitel is actively investigating the impact of CVE-2026-43284 and CVE-2026-43500 on our products and will provide updates as more information becomes available.
Please see Mitel Security Knowledge Base article KB000127880, Linux Kernel Local Privilege Escalation Vulnerabilities "Dirty Frag" Security Update (CVE-2026-43284, CVE-2026-43500).
References
CVE-2026-43284, CVE-2026-43500
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2026-05-28 | Initial release |
| 2.0 | 2026-05-29 | Updated the "Status" for Mitel 6800 IP Phone Series, Mitel 6900 IP Phone Series and Mitel 5634 Wi-Fi Phone |
Publisher and Legal Disclaimer
Publisher: Mitel PSIRT / [email protected]
The information provided in this advisory is provided "as is" without warranty of any kind. The information is subject to change without notice. Mitel and its affiliates do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of the information provided. No part of this document can be reproduced or transmitted in any form or by any means - electronic or mechanical - for any purpose without written permission from Mitel Networks Corporation.