CVE-2026-10621
Awaiting Analysis Awaiting Analysis - Queue
Path Traversal in Collibra Agent via ZIP Archive

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: CERT/CC

Description
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directory.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-06-23
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2026-10621
EUVD
EUVD-2026-33932
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
collibra collibra_agent to (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not explicitly discuss the impact of CVE-2026-10621 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-10621 is a Zip Slip vulnerability in the Collibra Agent component of the Collibra Platform. It occurs in the POST /rest/restore endpoint where file paths inside a ZIP archive are not properly validated or canonicalized during extraction.

An attacker can exploit this by uploading a crafted ZIP archive containing directory traversal sequences (such as ../) to write files to arbitrary locations on the server outside the intended extraction directory.

This improper validation allows an attacker to write arbitrary files, potentially placing malicious files in web-accessible directories.

Impact Analysis

This vulnerability can allow an attacker to write arbitrary files to the server, including placing malicious JSP files in web-accessible directories.

Such malicious files can enable remote code execution when accessed over HTTP, potentially allowing attackers to take control of the affected system.

The vulnerability does not require authentication, making internet-exposed systems particularly vulnerable.

Additionally, this issue can be combined with other vulnerabilities to achieve full remote code execution.

Detection Guidance

This vulnerability can be detected by monitoring for attempts to upload crafted ZIP archives containing directory traversal sequences (e.g., ../) to the POST /rest/restore endpoint of the Collibra Agent.

Detection commands or methods may include inspecting web server logs for suspicious POST requests to /rest/restore with ZIP files, and scanning extracted files for unexpected files placed outside the intended extraction directory.

  • Use network monitoring tools or intrusion detection systems to flag POST requests with ZIP files containing directory traversal patterns.
  • Check the file system for recently created or modified files outside the normal extraction directories, especially files with suspicious extensions like .jsp.
Mitigation Strategies

The immediate mitigation step is to update the Collibra Agent to the patched version released by Collibra that addresses this vulnerability.

Additionally, restrict access to the POST /rest/restore endpoint to trusted users or internal networks only, to reduce exposure.

Monitor and block any suspicious upload attempts containing crafted ZIP archives with directory traversal sequences.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-10621. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart