Main Vulnerability Database Vulnerabilities #VU134876

XML External Entity injection in MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) - #VU134876

Published: June 18, 2026

Vulnerability identifier: #VU134876

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-611

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mitel

Affected software:
MiCollab
MiVoice Business Solution Virtual Instance (MiVB SVI)

Detailed vulnerability description

The vulnerability allows a remote attacker to obtain unauthorized access to arbitrary files.

The vulnerability exists due to XML external entity processing in the XML parser of the NuPoint Unified Messaging (NPM) component when parsing XML input. A remote attacker can submit crafted XML containing external entities to obtain unauthorized access to arbitrary files.

Remediation

Install security update from vendor's website.

XML External Entity injection in MiCollab and MiVoice Business Solution Virtual Instance (MiVB SVI) - #VU134876

Detailed vulnerability description

Remediation

Sources

Please verify you're human