CVE-2026-10621
Status: Awaiting Analysis (queue)
Path Traversal in Collibra Agent via ZIP Archive

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: CERT/CC

Description
Path traversal in the restore handler of Collibra Agent allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to validate and canonicalize file paths during ZIP extraction, so an entry whose name contains directory traversal sequences can be written outside the intended extraction directory.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-02
Generated: 2026-06-02
AI Q&A: 2026-06-02
EPSS Evaluated: N/A
External references: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: collibra
Product: collibra_agent
Version / Range: to (inc)
Helpful Resources
Exploitability
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-10621 is a Zip Slip vulnerability (path traversal during archive extraction) in the Collibra Agent component of the Collibra Platform. It occurs in the POST /rest/restore endpoint, where the file paths of entries inside an uploaded ZIP archive are neither validated nor canonicalized before extraction.

An attacker can exploit this by uploading a crafted ZIP archive whose entry names contain directory traversal sequences (such as ../). Because the extraction code does not check where each joined path actually resolves, such entries are written to arbitrary locations on the server outside the intended extraction directory, including web-accessible directories where a dropped file can later be served or executed.
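The following is an added illustration of the bug class and its fix; it is not Collibra code and makes no claim about how the Collibra Agent restore handler is written. It builds a constructed ZIP with one entry named ../../escaped.jsp, extracts it with a naive loop that joins entry names onto the destination (the Zip Slip pattern), then with a hardened loop that canonicalizes every target with os.path.realpath and rejects the whole archive if any entry resolves outside the root. Everything happens inside a temporary directory so the escaped write stays sandboxed.

```python
import io
import os
import tempfile
import zipfile


def build_crafted_zip() -> bytes:
    """Constructed sample payload: one benign entry plus one whose name
    climbs out of the extraction directory (the shape the advisory describes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("backup/config.properties", "restore=true\n")
        zf.writestr("../../escaped.jsp", '<% out.println("hello"); %>\n')
    return buf.getvalue()


def unsafe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Vulnerable pattern: joins each entry name onto dest and writes it
    without checking where the joined path resolves, so ../../x lands
    outside dest. (zipfile.extractall would strip the '..' components;
    this loop deliberately does not, to mirror the bug.)"""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            target = os.path.join(dest, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(os.path.realpath(target))
    return written


def safe_extract(zip_bytes: bytes, dest: str) -> list[str]:
    """Hardened pattern: canonicalize the root and every target, reject the
    whole archive if any entry resolves outside the root, and only then write."""
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        targets = []
        for info in zf.infolist():
            target = os.path.realpath(os.path.join(root, info.filename))
            # commonpath catches '../' climbs, absolute entry names (os.path.join
            # discards root when the entry is absolute) and sibling-prefix
            # tricks such as /opt/app vs /opt/app-evil.
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"entry escapes extraction root: {info.filename!r}")
            targets.append((info, target))
        written = []
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as f:
                f.write(zf.read(info))
            written.append(target)
    return written


def demo() -> dict:
    """Run both extractors on the crafted archive inside a throwaway directory:
    report which files the unsafe loop wrote outside its destination and
    whether the safe loop refused the archive."""
    zip_bytes = build_crafted_zip()
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        dest = os.path.join(root, "deep", "extract")
        os.makedirs(dest)
        escaped = [
            os.path.relpath(p, root)
            for p in unsafe_extract(zip_bytes, dest)
            if os.path.commonpath([dest, p]) != dest
        ]
        try:
            safe_extract(zip_bytes, os.path.join(root, "safe"))
            blocked = False
        except ValueError:
            blocked = True
        return {"unsafe_wrote_outside": escaped, "safe_refused": blocked}


if __name__ == "__main__":
    print(demo())
```

The validate-everything-then-write order in safe_extract matters: checking entries one at a time while writing would leave a partially extracted archive behind when a hostile entry appears after benign ones.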


How can this vulnerability impact me?

This vulnerability can allow an attacker to write arbitrary files to the server, including placing malicious JSP files in web-accessible directories.

Such files can enable remote code execution when they are requested over HTTP, potentially allowing an attacker to take control of the affected system.

The vulnerability does not require authentication, so internet-exposed systems are particularly at risk.

The issue can also be chained with other vulnerabilities to achieve full remote code execution.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection centres on the POST /rest/restore endpoint of the Collibra Agent: look for uploads of crafted ZIP archives whose entry names contain directory traversal sequences (e.g., ../). Note that a request log records only that a POST to /rest/restore occurred; the entry names live inside the uploaded body, so inspecting them requires the request body (from a reverse proxy, WAF or packet capture) or the archive itself.

Practical checks:

  • Inspect web server logs for POST requests to /rest/restore, especially from unexpected clients or followed by requests for files that should not exist.
  • Use network monitoring tools or an intrusion detection system that can parse ZIP uploads to flag archives whose entry names contain directory traversal patterns or absolute paths.
  • Check the file system for recently created or modified files outside the normal extraction directories, especially files with suspicious extensions such as .jsp.
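As an added example of the first two checks (not part of the original page, and not a Collibra tool), the script below triages a constructed combined-format access log for POSTs to /rest/restore and for clients that follow such a POST with a request for a .jsp path, and audits the entry names of a constructed ZIP upload body for parent traversal, absolute paths and server-executable extensions without extracting anything. The log format, addresses, timestamps and the SUSPICIOUS_EXT list are assumptions; adjust them to the environment.

```python
import io
import posixpath
import re
import zipfile

# Combined-log-format line: client, identity, user, [timestamp], "request", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample access log (hypothetical addresses and timestamps).
SAMPLE_LOG = """\
10.0.0.5 - - [02/Jun/2026:10:14:01 +0000] "GET /rest/status HTTP/1.1" 200 512
203.0.113.9 - - [02/Jun/2026:10:14:07 +0000] "POST /rest/restore HTTP/1.1" 200 41
10.0.0.5 - - [02/Jun/2026:10:14:09 +0000] "POST /rest/restore HTTP/1.1" 200 41
203.0.113.9 - - [02/Jun/2026:10:14:12 +0000] "GET /escaped.jsp HTTP/1.1" 200 17
"""

# Extensions that would be executed or run if dropped into a served directory (assumed list).
SUSPICIOUS_EXT = {".jsp", ".jspx", ".war", ".sh"}


def restore_requests(log_text: str, endpoint: str = "/rest/restore") -> list[tuple[str, str, str]]:
    """Every POST to the restore endpoint as (client, timestamp, status)."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"].split("?", 1)[0] == endpoint:
            hits.append((m["ip"], m["ts"], m["status"]))
    return hits


def restore_then_jsp(log_text: str, endpoint: str = "/rest/restore") -> list[str]:
    """Clients that POSTed to the restore endpoint and later requested a .jsp
    path: the drop-then-trigger sequence a planted web shell would produce."""
    posted, suspects = set(), set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path == endpoint:
            posted.add(m["ip"])
        elif m["ip"] in posted and posixpath.splitext(path)[1].lower() == ".jsp":
            suspects.add(m["ip"])
    return sorted(suspects)


def audit_zip_entries(zip_bytes: bytes) -> list[tuple[str, list[str]]]:
    """Flag archive entries that would escape the extraction directory or drop
    a server-executable file. Reads names only; nothing is extracted."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            norm = name.replace("\\", "/")  # Windows-style separators count too
            reasons = []
            if norm.startswith("/") or re.match(r"^[A-Za-z]:/", norm):
                reasons.append("absolute path")
            if ".." in posixpath.normpath(norm).split("/"):
                reasons.append("parent traversal")
            if posixpath.splitext(norm)[1].lower() in SUSPICIOUS_EXT:
                reasons.append("suspicious extension")
            if reasons:
                findings.append((name, reasons))
    return findings


def build_sample_zip() -> bytes:
    """Constructed upload body with one benign and three hostile entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("backup/ok.txt", "fine\n")
        zf.writestr("../../escaped.jsp", "<% %>\n")
        zf.writestr("..\\..\\win.jsp", "<% %>\n")
        zf.writestr("/etc/cron.d/job", "* * * * * root id\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(restore_requests(SAMPLE_LOG))
    print(restore_then_jsp(SAMPLE_LOG))
    for name, why in audit_zip_entries(build_sample_zip()):
        print(f"{name!r}: {', '.join(why)}")
```

The entry audit normalizes with posixpath.normpath before looking for ".." so that a name like a/../../x is caught while a/../b (which stays inside the root) is not; it is a triage filter for captured uploads, not a substitute for canonicalizing paths in the extractor itself.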

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation is to update the Collibra Agent to the patched version released by Collibra that addresses this vulnerability.

Until the update is applied, restrict access to the POST /rest/restore endpoint to trusted users or internal networks only; because the endpoint is reachable without authentication, network-level restriction is the control that reduces exposure most.

Monitor and block upload attempts containing ZIP archives whose entry names include directory traversal sequences.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not explicitly discuss the impact of CVE-2026-10621 on compliance with common standards and regulations such as GDPR or HIPAA.

