Multiple Vulnerabilities in Mitel MiCollab SQLi Privilege Escalation
Summary
CERT-FR published security advisory CERTFR-2026-AVI-0411 disclosing multiple SQL injection and privilege escalation vulnerabilities in Mitel MiCollab collaboration software. Affected versions include MiCollab 10.2.x before 10.2 SP1, 10.x without latest security patch, and 9.8.x to 9.8.SP3 FP1 without latest patch. Organizations using Mitel MiCollab should apply vendor patches immediately to prevent unauthorized database access and privilege escalation attacks.
What changed
CERT-FR issued security advisory CERTFR-2026-AVI-0411 identifying multiple critical vulnerabilities (SQLi and privilege escalation) in Mitel MiCollab software versions 9.8.x through 10.2.x. The SQL injection flaw allows attackers to execute arbitrary database commands, potentially leading to data exfiltration or further system compromise. The privilege escalation vulnerability enables unauthorized users to gain elevated access rights within the application.
Organizations running Mitel MiCollab should immediately reference Mitel security advisory MISA-2026-0002 and apply the latest security patches. Failure to patch exposes systems to remote code execution, database compromise, and unauthorized access to sensitive collaboration data. Security teams should conduct vulnerability assessments and implement compensating controls if patching cannot be performed immediately.
What to do next
- Identify Mitel MiCollab installations in your environment and verify version numbers
- Apply Mitel security patch MISA-2026-0002 immediately for all affected versions
- Monitor for indicators of compromise and review access logs for suspicious SQL injection attempts
Archived snapshot
Apr 9, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
Premier Ministre S.G.D.S.N
Agence nationale
de la sécurité des
systèmes d'information
Paris, le 09 avril 2026 N° CERTFR-2026-AVI-0411 Affaire suivie par: CERT-FR
Avis du CERT-FR
Objet: Multiples vulnérabilités dans Mitel MiCollab
Gestion du document
| Référence | CERTFR-2026-AVI-0411 |
| Titre | Multiples vulnérabilités dans Mitel MiCollab |
| Date de la première version | 09 avril 2026 |
| Date de la dernière version | 09 avril 2026 |
| Source(s) | Bulletin de sécurité Mitel MISA-2026-0002 du 08 avril 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.
Risques
- Injection SQL (SQLi)
- Élévation de privilèges
Systèmes affectés
- MiCollab versions 10.2.x antérieures à 10.2 SP1 (10.2.1.11)
- MiCollab versions 10.x sans le dernier correctif de sécurité
- MiCollab versions 9.8.x à 9.8.SP3 FP1 sans le dernier correctif de sécurité
Résumé
De multiples vulnérabilités ont été découvertes dans Mitel MiCollab. Elles permettent à un attaquant de provoquer une élévation de privilèges et une injection SQL (SQLi).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Documentation
- Bulletin de sécurité Mitel MISA-2026-0002 du 08 avril 2026
- https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2026-0002
Gestion détaillée du document
- le 09 avril 2026 Version initiale
Related changes
Get daily alerts for CERT-FR Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-FR.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-FR Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.