Description

A path traversal in the restore handler of Collibra Agent allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file paths during ZIP extraction, which can allow an attacker to write files outside the intended extraction directory.

PUBLISHED Reserved 2026-06-02 | Published 2026-06-02 | Updated 2026-06-02 | Assigner certcc

Problem types

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-73 External Control of File Name or Path

Product status

2025.10 (custom) before 2025.10.9
affected

2025.11 (custom) before 2025.11.7
affected

2026.02 (custom) before 2026.02.6
affected

2026.03 (custom) before 2026.03.4
affected

2026.04 (custom) before 2024.04.5
affected

2026.03 (custom) before 2026.03.356
affected

2025.10 (custom) before 2025.10.399
affected

References

www.collibra.com/

kb.cert.org/vuls/id/873170

cve.org (CVE-2026-10621)

nvd.nist.gov (CVE-2026-10621)
