CVE-2026-10621
Published: Jun 2, 2026
Modified: Jun 2, 2026
Description
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directory.
| Vendor | Product | Versions |
|---|---|---|
Collibra | Collibra Platform (SaaS) | affected 2025.10 - < 2025.10.9 |
Collibra | Collibra Platform (SaaS) | affected 2025.11 - < 2025.11.7 |
Collibra | Collibra Platform (SaaS) | affected 2026.02 - < 2026.02.6 |
Collibra | Collibra Platform (SaaS) | affected 2026.03 - < 2026.03.4 |
Collibra | Collibra Platform (SaaS) | affected 2026.04 - < 2024.04.5 |
Collibra | Collibra Platform (on-prem) | affected 2026.03 - < 2026.03.356 |
Collibra | Collibra Platform (on-prem) | affected 2025.10 - < 2025.10.399 |
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now