Mitel Product Security Advisory MISA-2026-0005
MiCollab Multiple Vulnerabilities
Advisory ID: MISA-2026-0005
Publish Date: 2026-06-17
Last Updated: 2026-06-17
Revision: 1.0
Summary
This security advisory addresses multiple vulnerabilities identified in MiCollab:
A command injection vulnerability, MTLVULN-1667, has been identified in the MiCollab Client Service component of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow an unauthenticated attacker to conduct a command injection attack due to improper certificate validation. A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands within the context of the system. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
A command injection vulnerability, MTLVULN-1666, has been identified in the Feedback Module of the MiCollab Client Service component of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands within the context of the system. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
A command injection vulnerability, MTLVULN-1669, has been identified in the MiCollab Client Service component of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands within the context of the system. The vulnerability severity is rated as Critical.
A missing authorization vulnerability, MTLVULN-1668, has been identified in the MiCollab Client Service component of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow an unauthenticated attacker to conduct an unauthorized access attack due to missing authentication mechanisms. A successful exploit of this vulnerability could allow an attacker to view, corrupt, or delete system configurations. The vulnerability severity is rated as Critical.
A server-side request forgery (SSRF) vulnerability, MTLVULN-1641, has been identified in the MiCollab Client Service component of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow an unauthenticated attacker to conduct an SSRF attack due to insufficient restriction of user-provided URLs. A successful exploit of this vulnerability could allow an attacker to leverage connections and permissions available to the host server. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
An SQL injection vulnerability, MTLVULN-1665, has been identified in the MiCollab Client Service component of Mitel MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) which, if successfully exploited, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient validation of user input. A successful exploit of this vulnerability could allow an attacker to execute arbitrary SQL database commands. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
A command injection vulnerability, MTLVULN-1631, has been identified in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands within the context of the system. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
A command injection vulnerability, MTLVULN-1672, has been identified in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit of this vulnerability could allow an attacker to execute arbitrary commands within the context of the system. The vulnerability severity is rated as Critical.
Credit is given to Phuoc Pham and Dung Pham, independent security researchers, for highlighting these issues and bringing them to our attention.
An unauthorized file write vulnerability, MTLVULN-1633, has been identified in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow an unauthenticated attacker to conduct an unauthorized write to arbitrary files with malicious contents due to lack of path sanitization. A successful exploit of this vulnerability could allow an attacker to execute arbitrary code. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
An arbitrary file upload vulnerability, MTLVULN-1632, has been identified in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow an unauthenticated attacker to upload arbitrary files with malicious contents due to missing authentication mechanisms, insufficient file content sanitization, and lack of file type validation. A successful exploit of this vulnerability could allow an attacker to upload arbitrary files with malicious content. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
An XML external entity (XXE) injection vulnerability, MTLVULN-1664, has been identified in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab which, if successfully exploited, could allow an unauthenticated attacker to conduct unauthorized read access to local files on the MiCollab server due to the XML parser allowing external entities. A successful exploit of this vulnerability could allow an attacker to obtain unauthorized access to arbitrary files. The vulnerability severity is rated as High.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
An SQL injection vulnerability, MTLVULN-1640, has been identified in the Audio, Web, and Video Conferencing (AWV) component of Mitel MiCollab which, if successfully exploited, could allow an unauthenticated attacker to conduct an SQL injection attack due to insufficient validation of user input. A successful exploit of this vulnerability could allow an attacker to execute arbitrary SQL database commands. The vulnerability severity is rated as Critical.
Credit is given to Mustafa Can Ipekci of Synack Red Team for highlighting these issues and bringing them to our attention.
Mitel is recommending customers with affected product versions update to the available solutions as soon as feasible.
Affected Products and Solutions
This security advisory provides information on the following products:
| PRODUCT NAME | VERSION(S) AFFECTED | SOLUTION(S) AVAILABLE |
|---|---|---|
| MiCollab | 10.0 (10.0.0.26) to 10.2 SP1 FP1 (10.2.1.102) and 9.8 SP3 FP1 (9.8.3.103) and earlier | Upgrade to version 10.2 SP1 FP2 (10.2.1.205) or to version 9.8 SP3 FP2 (9.8.3.203), or subsequent releases. |
| MiVoice Business Solution Virtual Instance (MiVB SVI) | 2.1.0.9-2 and earlier | For MiVB SVI 2.x, update to 2.1.0.9-4, or upgrade to a subsequent release. For MiVB SVI 1.0, upgrade the MiCollab Client Service UC server blade to 9.8.3.203 individually from the SVI Server Manager Blades panel. |
Product statements are related only to supported product versions. Products which have reached End of Support status are not considered.
Note: MiVoice Business Solution Virtual Instance (MiVB SVI) is only impacted by the vulnerabilities affecting the MiCollab Client Service component of Mitel MiCollab.
Vulnerability Severity
The following products have been identified as affected:
| PRODUCT NAME | TRACKING ID (CVE PENDING) | SEVERITY / CVSS 3.1 BASE SCORE | CVSS 3.1 VECTOR |
|---|---|---|---|
| MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) | MTLVULN-1667 | Critical / 10.0 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) | MTLVULN-1666 | Critical / 10.0 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) | MTLVULN-1669 | Critical / 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) | MTLVULN-1668 | Critical / 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) | MTLVULN-1641 | Critical / 9.3 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) | MTLVULN-1665 | Critical / 10.0 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| MiCollab | MTLVULN-1631 | Critical / 10.0 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| MiCollab | MTLVULN-1672 | Critical / 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| MiCollab | MTLVULN-1633 | Critical / 10.0 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| MiCollab | MTLVULN-1632 | Critical / 9.8 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| MiCollab | MTLVULN-1664 | High / 8.2 | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L |
| MiCollab | MTLVULN-1640 | Critical / 10.0 | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Exploiting these vulnerabilities together can significantly amplify their impact.
Note: The above issues are referenced here by our internal tracking IDs. CVE identifiers have been requested but are not yet assigned.
Mitigations / Workarounds
For customers who are not currently able to upgrade to the latest version in a timely manner, the risk may be mitigated by following the instructions found in the security Knowledge Base article.
Solution / Recommended Action
These issues are addressed in MiCollab version 10.2 SP1 FP2 (10.2.1.205) or version 9.8 SP3 FP2 (9.8.3.203).
For MiVoice Business Solution Virtual Instance (MiVB SVI), these issues are addressed in the following versions:
- For MiVB SVI 2.x, update to 2.1.0.9-4, or upgrade to a subsequent release.
- For MiVB SVI 1.0, upgrade the MiCollab Client Service UC server blade to 9.8.3.203 individually from the SVI Server Manager Blades panel.
Customers are advised to upgrade to these or subsequent releases.
Please see Mitel Security Knowledge Base article KB000127975, “MiCollab Security Update - MiCollab Multiple Critical Vulnerabilities”, for detailed instructions regarding the upgrade.
If you do not have access to this link, please contact your Mitel Authorized Partner for support.
For further information, please contact Mitel Product Support.
Revision History
| Version | Date | Description |
|---|---|---|
| 1.0 | 2026-06-17 | Initial release |
Publisher and Legal Disclaimer
Publisher: Mitel PSIRT / [email protected]
The information provided in this advisory is provided "as is" without warranty of any kind. The information is subject to change without notice. Mitel and its affiliates do not guarantee and accept no legal liability whatsoever arising from or connected to the accuracy, reliability, currency or completeness of the information provided. No part of this document can be reproduced or transmitted in any form or by any means - electronic or mechanical - for any purpose without written permission from Mitel Networks Corporation.