Mitel Releases Security Advisory for MiCollab

Summary

A critical SQL injection vulnerability could allow a remote unauthenticated attacker to access system information and execute arbitrary SQL database commands.


Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Mitel has released a security advisory to address two vulnerabilities in Mitel MiCollab.

The critical vulnerability is an SQL injection vulnerability with a CVSSv3 score of 9.8. Successful exploitation could allow a remote unauthenticated attacker to conduct an SQL injection attack, potentially allowing the attacker to access system or user provisioning information and execute arbitrary SQL database commands.

The medium severity vulnerability is a privilege escalation vulnerability with a CVSSv3 score of 6.7. Successful exploitation could allow a local attacker to execute arbitrary commands with elevated privileges.

Mitel advises that exploiting these vulnerabilities together can significantly amplify their impact.


Remediation advice

Affected organisations are strongly encouraged to review Mitel Security Advisory MISA-2026-0002 and apply the relevant update as soon as possible.


Last edited: 9 April 2026 1:25 pm