CVE-2022-26143 Mitel CVE debrief

Who should care

Security and IT teams responsible for Mitel MiCollab and MiVoice Business Express deployments, especially administrators managing internet-facing or business-critical communications systems.

Technical summary

The supplied sources describe the issue as an access control vulnerability in Mitel MiCollab and MiVoice Business Express. The CISA KEV entry confirms it is a known exploited vulnerability and directs organizations to apply updates per vendor instructions. The corpus does not provide additional technical detail about the flaw’s mechanics, attack prerequisites, or impact scope.

Defensive priority

High. CISA has placed this CVE in the Known Exploited Vulnerabilities catalog, which is a strong signal to patch quickly and verify remediation across all affected deployments.

Recommended defensive actions

• Apply Mitel updates according to vendor instructions as soon as possible.
• Inventory all MiCollab and MiVoice Business Express instances to confirm exposure.
• Check whether any deployed systems still rely on outdated versions or missed maintenance windows.
• Validate that remediation completed successfully and document the change for incident response and audit purposes.
• Monitor Mitel and CISA advisories for any additional guidance related to this CVE.

Evidence notes

CISA’s KEV record identifies CVE-2022-26143 as a Mitel access control vulnerability affecting MiCollab and MiVoice Business Express, with dateAdded 2022-03-25 and dueDate 2022-04-15. The KEV metadata says to apply updates per vendor instructions and lists knownRansomwareCampaignUse as Unknown. The supplied corpus does not include CVSS data or deeper exploitation details.

Official resources