CVE-2021-26714

CRITICAL

Mitel MiContact Center Enterprise < 9.4 - Directory Traversal via Enterprise License Manager Portal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2021-26714. PoCs published by PwCNO-CTO.

AI-analyzed exploit summary The repository contains only a README with basic CVE details and references to NVD and Mitel's advisory. No exploit code, technical analysis, or proof-of-concept is provided.

Description

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow a user to access restricted files and folders due to insufficient access control. A successful exploit could allow an attacker to view and modify application data via Directory Traversal.

Exploits (1)

nomisec STUB

by PwCNO-CTO · poc

https://github.com/PwCNO-CTO/CVE-2021-26714

View Code ZIP pw:eip

The repository contains only a README with basic CVE details and references to NVD and Mitel's advisory. No exploit code, technical analysis, or proof-of-concept is provided.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Mitel MiContact Center Enterprise before 9.4

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0003

Scores

CVSS v3 9.8

EPSS 0.0252

EPSS Percentile 82.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

mitel/micontact_center_enterprise < 9.4

Published Mar 29, 2021

Tracked Since Feb 18, 2026