SB2026061848 - Multiple vulnerabilities in Mitel MiCollab and MiVB SVI


Published: June 18, 2026

Security Bulletin ID: SB2026061848
CSH Severity: High
Patch available: Yes
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 100% (12 of 12)

Description

This security bulletin contains information about 12 vulnerabilities in Mitel MiCollab and MiVB SVI; no CVE identifiers are listed for them. Every CVSSv4 vector below starts AV:N/AC:L/AT:N/PR:N/UI:N, that is, each issue is reachable over the network with low attack complexity and without credentials or user interaction. The affected components are NuPoint Unified Messaging (NPM), the MiCollab Client Service (including its Feedback Module), and Audio, Web, and Video Conferencing (AWV).


1) Path traversal (CVE-ID: N/A)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists because the NuPoint Unified Messaging (NPM) component does not sanitize user-controlled path components when writing user-supplied files. A remote attacker can therefore write files with malicious contents outside the intended directory and execute arbitrary code.



2) Command injection (CVE-ID: N/A)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to insufficient parameter sanitization in the Feedback Module of the MiCollab Client Service component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary commands.



3) Command injection (CVE-ID: N/A)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to insufficient parameter sanitization in the MiCollab Client Service component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary commands.



4) Missing Authentication for Critical Function (CVE-ID: N/A)

CWE-ID: CWE-306 - Missing Authentication for Critical Function

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to view, corrupt, or delete system configurations.

The vulnerability exists due to missing authentication mechanisms in the MiCollab Client Service component when handling requests. A remote attacker can send a specially crafted request to view, corrupt, or delete system configurations.
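The usual root cause of a CWE-306 issue on a configuration endpoint is a handler that is reachable without ever passing through an authentication check. The dispatcher below is an added illustration, not Mitel code and not a description of how the MiCollab Client Service is built: every route must declare the role it requires, and the check runs centrally before any handler, so an endpoint cannot become unauthenticated by omission. The endpoint paths, roles and session tokens are constructed for the example.

```python
"""Default-deny request dispatcher: every route must declare who may call it.

Added illustration, not Mitel code; the endpoint names, roles and session
tokens are constructed for the example.
"""
import hmac
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed session store: bearer token -> role.
SESSIONS = {"tok-admin-1f3a": "admin", "tok-user-9c2e": "user"}

ROUTES: dict = {}  # (method, path) -> (required_role, handler)


def route(method: str, path: str, role: str) -> Callable:
    """Register a handler. `role` is mandatory: a handler cannot be registered
    without stating whether it is "public", "user" or "admin", so a new
    endpoint cannot end up reachable without authentication by accident."""
    if role not in ("public", "user", "admin"):
        raise ValueError(f"unknown role {role!r}")

    def register(fn: Callable) -> Callable:
        ROUTES[(method, path)] = (role, fn)
        return fn

    return register


@dataclass(frozen=True)
class Request:
    method: str
    path: str
    token: Optional[str] = None  # value of an Authorization: Bearer header


def role_for_token(token: Optional[str]) -> Optional[str]:
    """Compare the presented token against every stored token with a
    constant-time comparison, so timing does not reveal partial matches."""
    if not token:
        return None
    found = None
    for stored, role in SESSIONS.items():
        if hmac.compare_digest(stored.encode(), token.encode()):
            found = role
    return found


def dispatch(req: Request) -> int:
    """Return an HTTP status code. The authorization check lives here, in
    front of every handler, so a handler that forgets to check is still
    protected."""
    entry = ROUTES.get((req.method, req.path))
    if entry is None:
        return 404
    required, handler = entry
    if required != "public":
        actual = role_for_token(req.token)
        if actual is None:
            return 401  # unauthenticated
        if required == "admin" and actual != "admin":
            return 403  # authenticated, but not permitted
    return handler(req)


# Configuration endpoints: viewing, changing and deleting all require admin.
@route("GET", "/api/config", "admin")
def get_config(req: Request) -> int:
    return 200


@route("PUT", "/api/config", "admin")
def put_config(req: Request) -> int:
    return 200


@route("DELETE", "/api/config", "admin")
def delete_config(req: Request) -> int:
    return 200


@route("GET", "/api/health", "public")
def health(req: Request) -> int:
    return 200


if __name__ == "__main__":
    print(dispatch(Request("GET", "/api/config")))                      # 401
    print(dispatch(Request("DELETE", "/api/config", "tok-user-9c2e")))  # 403
    print(dispatch(Request("PUT", "/api/config", "tok-admin-1f3a")))    # 200
```

The point of the design is the mandatory `role` argument and the single check in `dispatch`: with a framework where handlers opt in to authentication individually, one forgotten decorator is exactly the class of bug described above.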



5) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to leverage connections and permissions available to the host server.

The vulnerability exists due to insufficient restriction of user-provided URLs in the MiCollab Client Service component when processing user-supplied URLs. A remote attacker can submit a crafted URL and have the server fetch it, leveraging the network connections and permissions available to the host server, for example to reach internal services that are not exposed externally.
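A server that fetches user-supplied URLs needs more than a scheme check: the host must be resolved and every resulting address must be one the server is allowed to talk to, and the connection should then be made to that address rather than resolving the name a second time. The validator below is an added example, not Mitel's code; it assumes a feature that fetches a URL on the user's behalf, and the host names, addresses and the fake resolver are constructed so it runs offline.

```python
"""Outbound-URL validation against SSRF.

Added example, not Mitel's code. It assumes the server fetches a URL that the
user supplies; the host names, IP addresses and resolver below are constructed.
"""
import ipaddress
import socket
from typing import Callable, Dict, List
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def system_resolver(host: str) -> List[str]:
    """Resolve with the OS resolver (A and AAAA records)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip_text: str) -> bool:
    """Only globally routable unicast addresses are acceptable targets.
    IPv4-mapped IPv6 (::ffff:127.0.0.1) is unwrapped before the check."""
    ip = ipaddress.ip_address(ip_text)
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url: str,
                          resolver: Callable[[str], List[str]] = system_resolver
                          ) -> Dict[str, object]:
    """Return scheme/host/port/ip for a URL that is safe to fetch, or raise
    ValueError. The caller should connect to the returned "ip" and send
    "host" as Host header and SNI, so that a second DNS lookup at connect
    time cannot hand back a different, internal address (DNS rebinding)."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise ValueError("credentials in URL are not allowed")
    host = parts.hostname
    if not host:
        raise ValueError("missing host")
    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port not in ALLOWED_PORTS:
        raise ValueError(f"port not allowed: {port}")

    # A literal IP is checked directly; a name is resolved and *every*
    # returned address must be public (a mixed answer is a rebinding trick).
    try:
        addresses = [str(ipaddress.ip_address(host))]
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        raise ValueError("host does not resolve")
    for addr in addresses:
        if not is_public_address(addr):
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return {"scheme": parts.scheme, "host": host, "port": port, "ip": addresses[0]}


def is_rejected(url: str, resolver: Callable[[str], List[str]]) -> bool:
    try:
        validate_outbound_url(url, resolver)
    except ValueError:
        return True
    return False


# Constructed resolver for offline use: name -> addresses.
FAKE_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "intranet.example": ["10.0.0.5"],
    "cdn.example": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "192.168.1.1"],
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ["https://cdn.example/avatar.png",
              "http://169.254.169.254/latest/meta-data/",
              "http://intranet.example/admin",
              "http://[::ffff:127.0.0.1]/",
              "ftp://cdn.example/x",
              "http://rebind.example/"]:
        try:
            print("allow", validate_outbound_url(u, fake_resolver))
        except ValueError as exc:
            print("deny ", u, "->", exc)
```

Two caveats the code cannot express on its own: HTTP redirects must be followed through the same validator (or not at all), because a public host can redirect to 169.254.169.254, and the fetch should be performed from a network position that has no route to management interfaces even if the validator is bypassed.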



6) SQL injection (CVE-ID: N/A)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary SQL database commands.

The vulnerability exists due to insufficient validation of user input in the MiCollab Client Service component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary SQL database commands.



7) Command injection (CVE-ID: N/A)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to insufficient parameter sanitization in the NuPoint Unified Messaging (NPM) component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary commands.



8) Command injection (CVE-ID: N/A)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to insufficient parameter sanitization in the NuPoint Unified Messaging (NPM) component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary commands.
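Four of the twelve issues (items 2, 3, 7 and 8) are the same class: a request parameter ends up in a command line that a shell parses. The pair of functions below is an added example, not Mitel's code and not the actual commands those components run: a harmless `echo` stands in for the real diagnostic, and the host-name allowlist is an assumption about what the parameter should look like.

```python
"""Command injection: shell string splicing beside validated argv.

Added example, not Mitel's code. A diagnostic that echoes a caller-supplied
host name stands in for whatever the real components run; "echo" is used so
the example is harmless and runs anywhere with /bin/sh.
"""
import re
import subprocess

# Strict allowlist for the one parameter we accept: a DNS host name or IPv4
# literal. Because it must start with a letter or digit, values like "-n" or
# "--output=/etc/x" (argument injection) are rejected as well.
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")


def run_diagnostic_vulnerable(target: str) -> str:
    """VULNERABLE: the untrusted value is spliced into a command line that
    /bin/sh parses, so ';', '|', '$(...)', backticks and newlines all give
    the caller a second command."""
    command = f"echo {target}"
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout


def run_diagnostic_safe(target: str) -> str:
    """HARDENED: validate against the allowlist first, then pass the value as
    its own argv element with no shell, so metacharacters are never parsed."""
    if not HOSTNAME_RE.fullmatch(target):
        raise ValueError(f"invalid host name: {target!r}")
    proc = subprocess.run(["echo", target], capture_output=True, text=True, check=True)
    return proc.stdout


def injection_attempt_blocked(target: str) -> bool:
    try:
        run_diagnostic_safe(target)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "127.0.0.1; echo INJECTED"
    print(repr(run_diagnostic_vulnerable(payload)))  # '127.0.0.1\nINJECTED\n'
    print(injection_attempt_blocked(payload))        # True
    print(repr(run_diagnostic_safe("voicemail.example")))
```

Quoting (for example `shlex.quote`) only protects the shell-parsing step; it does nothing against a value that the called program itself interprets as an option, which is why the allowlist is applied before the argv form and not instead of it.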



9) Improper Certificate Validation (CVE-ID: N/A)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary commands.

The vulnerability exists due to improper certificate validation in the MiCollab Client Service component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary commands.
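The bulletin does not say how certificate validation fails in the MiCollab Client Service, so the example below does not try to reproduce it. It is an added illustration with Python's `ssl` module of what "improper certificate validation" normally looks like in client code beside the verifying configuration, plus an audit function a test suite can run over every TLS context a service builds.

```python
"""TLS client contexts: the insecure pattern beside the verifying one.

Added example, not Mitel's code; it does not describe how the affected
component talks to its peers, only what correct verification looks like with
Python's ssl module.
"""
import ssl
from typing import Dict, Optional


def insecure_client_context() -> ssl.SSLContext:
    """Chain verification and host-name checking switched off: any party on
    the path can present any certificate and be accepted. Note the order:
    check_hostname must be cleared before verify_mode can be set to CERT_NONE,
    which is a hint that the two settings only make sense together."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_client_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Verify the chain against the system store, or against a private CA
    file for internal services, require the name to match, and refuse TLS
    versions older than 1.2."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx: ssl.SSLContext) -> Dict[str, bool]:
    """Properties to assert on every context the service constructs."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "no_legacy_tls": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }


def context_is_safe(ctx: ssl.SSLContext) -> bool:
    return all(audit_context(ctx).values())


if __name__ == "__main__":
    print(audit_context(insecure_client_context()))
    print(audit_context(hardened_client_context()))
```

For a service whose peers use certificates from an internal CA, pass that CA bundle as `ca_file` rather than disabling verification; if the peer's name does not match the certificate, fix the certificate, not `check_hostname`.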



10) Arbitrary file upload (CVE-ID: N/A)

CWE-ID: CWE-434 - Unrestricted Upload of File with Dangerous Type

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to upload arbitrary files with malicious content.

The vulnerability exists due to missing authentication mechanisms, insufficient file content sanitization, and lack of file type validation in the NuPoint Unified Messaging (NPM) component when handling file uploads. A remote attacker can therefore, without authenticating, upload arbitrary files with malicious content.
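Items 1 and 10 are the two halves of one file-write problem: where the file lands (path traversal) and what it may contain (type and content validation, behind authentication). The function below is an added example that covers both, not Mitel's code and not how NPM stores files; it assumes a voicemail-style service that accepts WAV greetings into one fixed directory, and the directory layout, allowed type, file-name rule and sample bytes are constructed for the example.

```python
"""Storing an uploaded file safely: path confinement plus type checks.

Added example, not Mitel's code; covers items 1 and 10 above. It assumes a
voicemail-style service that accepts .wav greetings into a fixed directory;
the directory layout, allowed types and sample bytes are constructed.
"""
import os
import re
import tempfile
from pathlib import Path
from typing import Optional

# Allowed extension -> check on the leading bytes ("magic"), so the content
# must agree with the claimed type.
ALLOWED_TYPES = {
    ".wav": lambda b: b[:4] == b"RIFF" and b[8:12] == b"WAVE",
}
FILENAME_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")  # plain file name only
MAX_SIZE = 10 * 1024 * 1024


def store_upload(root: Path, user: Optional[str], filename: str, data: bytes) -> Path:
    """Write `data` under `root` and return the final path, or raise.
    Check order: who is calling; is the name a plain file name; does the
    resolved path stay inside root (catches '..' and symlinks); is the type
    allowed; does the content match the type; then a create-only open."""
    if user is None:
        raise PermissionError("upload requires an authenticated user")
    if not FILENAME_RE.fullmatch(filename):
        raise ValueError(f"bad file name: {filename!r}")
    root = root.resolve()
    target = (root / filename).resolve()
    if root not in target.parents:
        raise ValueError("path escapes the upload directory")
    checker = ALLOWED_TYPES.get(target.suffix.lower())
    if checker is None:
        raise ValueError(f"file type not allowed: {target.suffix!r}")
    if len(data) > MAX_SIZE or not checker(data):
        raise ValueError("content does not match the declared type")
    # O_EXCL: never overwrite an existing file. Mode 0600 and a directory
    # outside the web root (assumed here) keep the file from being served
    # or executed by anything else.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


def upload_rejected(root: Path, user: Optional[str], filename: str, data: bytes) -> bool:
    try:
        store_upload(root, user, filename, data)
    except (ValueError, PermissionError, FileExistsError):
        return True
    return False


# Constructed sample: a minimal RIFF/WAVE header with an empty data chunk.
WAV_SAMPLE = (b"RIFF" + (36).to_bytes(4, "little") + b"WAVE"
              + b"fmt " + (16).to_bytes(4, "little") + b"\x00" * 16
              + b"data" + (0).to_bytes(4, "little"))


def make_upload_root() -> Path:
    return Path(tempfile.mkdtemp(prefix="greetings-"))


if __name__ == "__main__":
    root = make_upload_root()
    print(store_upload(root, "alice", "greeting.wav", WAV_SAMPLE))
    print(upload_rejected(root, "alice", "../escape.wav", WAV_SAMPLE))   # True
    print(upload_rejected(root, "alice", "shell.php", b"<?php ?>"))      # True
```

The file-name allowlist alone would stop `../`, but the containment check on the resolved path is kept as well, because it also covers symlinks inside the upload directory and any future relaxation of the name rule.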



11) XML External Entity injection (CVE-ID: N/A)

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to obtain unauthorized access to arbitrary files.

The vulnerability exists due to XML external entity processing in the XML parser of the NuPoint Unified Messaging (NPM) component when parsing XML input. A remote attacker can submit crafted XML containing external entities to obtain unauthorized access to arbitrary files.
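What turns a DTD in attacker-supplied XML into a file read is a parser that resolves `SYSTEM` entities. The pair of parsers below is an added example using Python's stdlib expat binding, not Mitel's code and not NPM's parser: one installs a resolver that reads `file://` entities from disk (the vulnerable behaviour), the other aborts on any DOCTYPE before an entity can be declared. The "secret" file, its contents and the XML payload are constructed, and the demo writes the file to a temporary location so it runs offline.

```python
"""XXE: an entity-resolving parser beside one that refuses DTDs.

Added example, not Mitel's code. The XML document and the 'secret' file are
constructed; the parser is Python's stdlib expat (xml.parsers.expat).
"""
import os
import tempfile
import xml.parsers.expat as expat
from typing import Dict


def parse_vulnerable(document: bytes) -> str:
    """Return the text content. The ExternalEntityRefHandler resolves
    file:// SYSTEM entities from local disk, which is what lets a DTD in
    untrusted XML read arbitrary files the service can open."""
    text = []
    parser = expat.ParserCreate()

    def on_text(data):
        text.append(data)

    def resolve_external(context, base, system_id, public_id):
        path = system_id[len("file://"):] if system_id.startswith("file://") else system_id
        child = parser.ExternalEntityParserCreate(context)  # inherits handlers
        with open(path, "rb") as fh:
            child.Parse(fh.read(), True)
        return 1

    parser.CharacterDataHandler = on_text
    parser.ExternalEntityRefHandler = resolve_external
    parser.Parse(document, True)
    return "".join(text)


def parse_hardened(document: bytes) -> str:
    """Same parser, but any DOCTYPE (internal or external DTD) aborts the
    parse before an entity can be declared, and no external resolver is
    installed. Documents the service expects never need a DTD."""
    text = []
    parser = expat.ParserCreate()

    def on_text(data):
        text.append(data)

    def refuse_doctype(name, sysid, pubid, has_internal_subset):
        raise ValueError("DOCTYPE not allowed in untrusted XML")

    parser.CharacterDataHandler = on_text
    parser.StartDoctypeDeclHandler = refuse_doctype
    parser.Parse(document, True)
    return "".join(text)


def hardened_rejects(document: bytes) -> bool:
    try:
        parse_hardened(document)
    except ValueError:
        return True
    return False


def xxe_demo(secret: bytes = b"db_password=hunter2") -> Dict[str, object]:
    """Write `secret` to a temp file, build an XXE payload that points at it,
    and run both parsers. Returns what each one yields."""
    fd, path = tempfile.mkstemp(prefix="xxe-target-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    try:
        payload = (
            b'<?xml version="1.0"?>\n'
            b'<!DOCTYPE msg [<!ENTITY xxe SYSTEM "file://' + path.encode() + b'">]>\n'
            b"<msg>&xxe;</msg>"
        )
        return {
            "leaked_by_vulnerable_parser": parse_vulnerable(payload),
            "blocked_by_hardened_parser": hardened_rejects(payload),
            "hardened_parses_plain_xml": parse_hardened(b"<msg>hello</msg>"),
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(xxe_demo())
```

Python's stdlib parsers only reach the vulnerable state when a resolver is installed as above; many other XML libraries resolve external entities unless told not to, so the fix is the same everywhere: disable DTD processing and entity resolution for any XML that arrives from outside.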



12) SQL injection (CVE-ID: N/A)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary SQL database commands.

The vulnerability exists due to insufficient validation of user input in the Audio, Web, and Video Conferencing (AWV) component when handling requests. A remote attacker can send a specially crafted request to execute arbitrary SQL database commands.
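Items 6 and 12 share one root cause: a request value becomes part of the SQL text instead of being bound as a parameter. The example below is added here and is not Mitel's code; SQLite and a constructed `users` table stand in for the products' actual database and schema. It shows the string-built query leaking every row and then the schema, the parameterized query treating the same input as a plain string, and the one case where binding is not available (an identifier such as an ORDER BY column), which needs an allowlist.

```python
"""SQL injection: string-built query beside the parameterized one.

Added example, not Mitel's code; covers items 6 and 12 above. The schema and
rows are constructed; SQLite stands in for whatever database the products use.
"""
import sqlite3
from typing import List, Tuple


def open_demo_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT NOT NULL, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """VULNERABLE: the value becomes part of the SQL text, so a quote ends
    the literal and the rest of the input is parsed as SQL."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple[str, str]]:
    """HARDENED: the value travels as a bound parameter; it is never parsed
    as SQL, whatever characters it contains."""
    return conn.execute("SELECT username, role FROM users WHERE username = ?",
                        (username,)).fetchall()


ORDERABLE_COLUMNS = {"username", "role"}


def list_users(conn: sqlite3.Connection, order_by: str) -> List[str]:
    """Identifiers cannot be bound as parameters, so for a user-chosen sort
    column the only safe option is an allowlist of known column names."""
    if order_by not in ORDERABLE_COLUMNS:
        raise ValueError(f"cannot order by {order_by!r}")
    return [row[0] for row in conn.execute(f"SELECT username FROM users ORDER BY {order_by}")]


# Constructed inputs an attacker would send in the username field.
AUTH_BYPASS = "x' OR '1'='1"
SCHEMA_DUMP = "x' UNION SELECT name, sql FROM sqlite_master--"


if __name__ == "__main__":
    conn = open_demo_db()
    print(find_user_vulnerable(conn, AUTH_BYPASS))   # all three rows
    print(find_user_vulnerable(conn, SCHEMA_DUMP))   # the CREATE TABLE statement
    print(find_user_safe(conn, AUTH_BYPASS))         # []
```

The `sqlite3` module refuses to run more than one statement per `execute`, so stacked queries (`'; DROP TABLE ...`) fail here even in the vulnerable function; the UNION payload shows that data extraction does not need them.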



Remediation

Install the update from the vendor's website. Until it is applied, limit network exposure of the affected MiCollab, NuPoint Unified Messaging and AWV interfaces: every issue in this bulletin is reachable remotely without authentication (AV:N/PR:N), and several allow code or command execution.