Arbitrary file upload in MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) - #VU134875
Published: June 18, 2026
MiCollab
MiVoice Business Solution Virtual Instance (MiVB SVI)
Detailed vulnerability description
The vulnerability allows a remote attacker to upload arbitrary files with malicious content.
The vulnerability exists due to missing authentication mechanisms, insufficient file content sanitization, and lack of file type validation in the NuPoint Unified Messaging (NPM) component when handling file uploads. A remote attacker can send a crafted file to the affected component and upload arbitrary files with malicious content.