Having a Collada I/O add-on on our new extension platform would definitely be a possibility.
However, the current built-in code is not an add-on, but a part of Blender’s C++ source code, so it cannot be moved into its own independent add-on.
Found this project, but it has not been active for three years, so even if it may be a start-up point, getting it to work and be acceptable as an extension would certainly require some work.
PS: A CVE is a normalized way to reference and track security issues in libraries and software.