CVE-2026-10621 PUBLISHED

CVE-2026-10621

Assigner: certcc
Reserved: 02.06.2026 Published: 02.06.2026 Updated: 02.06.2026

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directory.

Product Status

Vendor Collibra
Product Collibra Platform (SaaS)
Versions
  • affected from 2025.10 to 2025.10.9 (excl.)
Vendor Collibra
Product Collibra Platform (SaaS)
Versions
  • affected from 2025.11 to 2025.11.7 (excl.)
Vendor Collibra
Product Collibra Platform (SaaS)
Versions
  • affected from 2026.02 to 2026.02.6 (excl.)
Vendor Collibra
Product Collibra Platform (SaaS)
Versions
  • affected from 2026.03 to 2026.03.4 (excl.)
Vendor Collibra
Product Collibra Platform (SaaS)
Versions
  • affected from 2026.04 to 2024.04.5 (excl.)
Vendor Collibra
Product Collibra Platform (on-prem)
Versions
  • affected from 2026.03 to 2026.03.356 (excl.)
Vendor Collibra
Product Collibra Platform (on-prem)
Versions
  • affected from 2025.10 to 2025.10.399 (excl.)

References

Problem Types

  • CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • CWE-73 External Control of File Name or Path