CVE-2026-10621_CVE-2026-10621

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directory.

Basic Information

ID CVE-2026-10621

Source certcc

Published Jun 2, 2026 at 14:03

Modified Jun 2, 2026 at 19:27

Affected Product

Vendor Collibra

Product Collibra Platform (SaaS)

Version 2025.10

Affected Versions Collibra Collibra Platform (SaaS) 2025.10
Collibra Collibra Platform (SaaS) 2025.11
Collibra Collibra Platform (SaaS) 2026.02
Collibra Collibra Platform (SaaS) 2026.03
Collibra Collibra Platform (SaaS) 2026.04
Collibra Collibra Platform (on-prem) 2026.03
Collibra Collibra Platform (on-prem) 2025.10

References

{
    "lastseen": "",
    "description": "Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directory.",
    "published": "2026-06-02T14:03:35.360Z",
    "modified": "2026-06-02T19:27:51.526Z",
    "type": "cve",
    "title": "CVE-2026-10621",
    "source": "certcc",
    "references": "https://www.collibra.com/\nhttps://kb.cert.org/vuls/id/873170",
    "id": "CVE-2026-10621",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Collibra Collibra Platform (SaaS) 2025.10\nCollibra Collibra Platform (SaaS) 2025.11\nCollibra Collibra Platform (SaaS) 2026.02\nCollibra Collibra Platform (SaaS) 2026.03\nCollibra Collibra Platform (SaaS) 2026.04\nCollibra Collibra Platform (on-prem) 2026.03\nCollibra Collibra Platform (on-prem) 2025.10",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Collibra Platform (SaaS)",
    "version": "2025.10",
    "vendor": "Collibra",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply