Mitel Products Vulnerability - XSS

CERT-FR Security Advisories
Published March 19th, 2026
Detected March 19th, 2026

Summary

CERT-FR has issued an advisory regarding an indirect remote code injection (XSS) vulnerability affecting various Mitel product versions. Affected systems include specific versions of MCX and MiContact Center Business. Users are advised to consult Mitel's security bulletin for patch information.

What changed

CERT-FR has published an advisory (CERTFR-2026-AVI-0319) detailing a critical vulnerability in Mitel products, specifically an indirect remote code injection (XSS) flaw. The advisory lists affected versions of MCX and MiContact Center Business, including specific patch levels or lack thereof. This notice highlights a significant security risk that could allow unauthorized code execution.

Organizations utilizing the identified Mitel products must immediately consult Mitel's Security Advisory MISA-2026-0001 and apply the necessary security patches or updates. Failure to do so could expose their systems to exploitation, leading to potential data breaches or service disruptions. The advisory directs users to the vendor's documentation for detailed solutions and patch deployment instructions.

What to do next

  1. Review Mitel Security Advisory MISA-2026-0001
  2. Apply relevant security patches or updates to affected Mitel products
  3. Verify system versions against the advisory's affected list

Source document (simplified)

Prime Minister, S.G.D.S.N

Agence nationale de la sécurité des systèmes d'information

Paris, 19 March 2026. No. CERTFR-2026-AVI-0319. Case handled by: CERT-FR

CERT-FR Advisory

Subject: Vulnerability in Mitel products

Document management

| Reference | CERTFR-2026-AVI-0319 |
| Title | Vulnerability in Mitel products |
| Date of first version | 19 March 2026 |
| Date of latest version | 19 March 2026 |
| Source(s) | Mitel security bulletin 2026-0001 of 18 March 2026 |

A detailed version history is given at the end of this document.


Risk

  • Indirect remote code injection (XSS)

Affected systems

  • MCX versions 2.x prior to 2.1
  • MiContact Center Business version 10.0.0.4 without security patch KB574060
  • MiContact Center Business version 10.1.0.5 without security patch KB574059
  • MiContact Center Business version 9.5.0.3 without security patch KB574061
  • MiContact Center Business versions 10.2.0.11 prior to 10.2.0.12

Summary

A vulnerability has been discovered in Mitel products. It allows an attacker to cause an indirect remote code injection (XSS).

Solutions

Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).

Documentation


Detailed document management

  1. 19 March 2026: Initial version

Named provisions

Risk, Affected systems, Summary, Solutions, Documentation

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 19th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0319

Who this affects

Applies to
Technology companies
Industry sector
5112 Software & Technology
Activity scope
Vulnerability Management System Patching
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Product Security Vulnerability Management
