Mitel MiCollab - Authentication Bypass

A vulnerability in the NuPoint Unified Messaging NPM component of Mitel MiCollab through 9.8 SP1 FP2 9.8.1.201 could allow an unauthenticated attacker to conduct a path traversal attack, due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +328 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 - ai.intelliswarm:swarmai-rag =1.0.28 and more Source cves: CVE-2026-41713 Source advisory:...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +288 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41713 Source advisory: OSV:GHSA-5852-PHMH-8FHR...

CVE-2026-41713

creationtimestamp| type| source ---|---|--- 2026-05-11 09:04:11+00:00| seen| https://cyber.gc.ca/en/alerts-advisories/spring-security-advisory-av26-443 2026-05-11 12:05:29+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mllabzqe2i2x 2026-05-12 11:59:24+00:00| seen|...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +468 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-model MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 - ai.intelliswarm:swarmai-rag =1.0.28 and more Source cves: CVE-2026-41713 Source advisory:...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +518 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-model MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =0.8.0, =0.7.0, =0.7.0, =0.8.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.6 and more Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624613...

com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory (>=1.0.0.1 <=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-jdbc (>=1.0.0.1 <=1.0.0.4) +2 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc (>=1.0.0-RC1 <=1.0.6)

org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc MAVEN version =1.0.0-RC1, =1.0.0.1, =1.0.0.1, =1.0.0, =1.0.0, =1.0.6 Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624615...

ai.telosforge:kimaira-starter-agentic (>=1.2.4 <=1.2.6), ai.telosforge:kimaira-starter-agentic-factory (>=1.2.4 <=1.2.6) +15 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-model-chat-memory-repository-jdbc MAVEN version =1.1.0-M1, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.1.0.0, =1.1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.1.19, =1.1.19, =1.1.19, =1.1.20 and more Source cves: CVE-2026-41713 Source advisory:...

ai.driftkit:driftkit-clients-spring-ai (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-clients-spring-ai-starter (>=0.6.0 <=0.8.7) +328 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.0.0-M7 <=1.0.6)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.0.0-M7, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.6.0, =0.7.0, =0.6.0, =0.6.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.24, =1.0.27, =1.0.28 - ai.intelliswarm:swarmai-rag =1.0.28 and more Source cves: CVE-2026-41713 Source advisory:...

com.alibaba.cloud.ai.autoconfigure.memory.long:spring-ai-alibaba-autoconfigure-memory-long (=1.0.0.4), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (=1.0.0.4) +3 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.0.0 <=1.0.1)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.0.0, =1.0.0.1, =1.0.0.3-20260305-cve - com.alibaba.cloud.ai:spring-ai-alibaba-studio-client =1.0.0.4 Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624616...

com.alibaba.cloud.ai:spring-ai-alibaba-autoconfigure-memory-long (>=1.1.0.0 <=1.1.2.3), com.alibaba.cloud.ai:spring-ai-alibaba-starter-memory-long (>=1.1.0.0 <=1.1.2.3) +8 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-advisors-vector-store (>=1.1.0-M3 <=1.1.5)

org.springframework.ai:spring-ai-advisors-vector-store MAVEN version =1.1.0-M3, =1.1.0.0, =1.1.0.0, =1.1.0.0, =0.0.6, =1.1.19, =1.1.19, =1.1.19, =4.17.0, =4.17.0, =4.20.0 - org.vrspace:server =0.8.7 Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624616...

ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-springboot-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +288 more potentially affected by CVE-2026-41713 via org.springframework.ai:spring-ai-client-chat (>=1.1.0-M1 <=1.1.5)

org.springframework.ai:spring-ai-client-chat MAVEN version =1.1.0-M1, =0.1.0, =0.1.0, =1.0.0, =1.0.0, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =1.2.4, =0.6.0, =1.1.0, =1.1.0, =1.1.0, =1.1.4 and more Source cves: CVE-2026-41713 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKAI-16624614...

CVE-2025-41713

creationtimestamp| type| source ---|---|--- 2025-09-15 08:03:49+00:00| seen| https://bsky.app/profile/certvde.infosec.exchange.ap.brid.gy/post/3lyudnqaimac2 2025-09-15 10:04:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lyukktjkgn2c...

CVE-2022-41713

deep-object-diff version 1.1.0 allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited...

Exploit for Path Traversal in Mitel Micollab

CVE-2024-41713-PoC-exploit Mitel MiCollab Authentication Bypas...

Exploit for Path Traversal in Mitel Micollab

CVE-2024-41713 Scanner This repository contains a Python scri...

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713link is external Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550link is external Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883lin...

Mitel MiCollab Path Traversal Vulnerability

Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated,...

Exploit for Path Traversal in Mitel Micollab

CVE-2024-41713 Mitel MiCollab Authentication Bypass to Arbitr...

CVE-2024-41713

creationtimestamp| type| source ---|---|--- 2024-10-11 06:14:27+00:00| seen| https://t.me/CyberBulletin/26067 2024-10-11 06:14:28+00:00| seen| https://t.me/CyberBulletin/1153 2024-10-22 00:24:14+00:00| seen| https://t.me/cvedetector/8572 2024-12-05 11:43:11+00:00| confirmed|...