VYPR
Unrated severity · NVD Advisory · Published Jun 2, 2026 · Updated Jun 2, 2026

CVE-2026-10622

Description

Collibra Agent's REST API exposes privileged functionality via unauthenticated /rest/* endpoints, allowing remote attackers to access sensitive features.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

Improper authentication in the Collibra Agent's REST API allows remote, unauthenticated attackers to access privileged functionality through exposed /rest/* endpoints. The web services hosting these endpoints may bind to all network interfaces, potentially increasing exposure beyond intended configurations. This affects Collibra Platform (CP) and Collibra Platform Self-Hosted (CPSH) agents [2].

Exploitation

An attacker can exploit this vulnerability by interacting with the exposed /rest/* endpoints without authentication. This allows them to access sensitive application functionality and gather information, such as identifying suitable filesystem locations or application paths, which can be used for further exploitation. The vulnerability can be chained with CVE-2026-10621, a Zip Slip vulnerability, to achieve remote code execution [2].

Impact

Successful exploitation allows a remote, unauthenticated attacker to access privileged functionality and gather information about the system. When chained with other vulnerabilities, such as Zip Slip, this can lead to arbitrary file writes and ultimately remote code execution on the underlying host [2].

Mitigation

Collibra has released patches for this vulnerability. Users are advised to update to the fixed versions. Specific fixed version information and release dates are available in the CERT/CC advisory [2]. Collibra's website provides general information about their platform [1].

AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References: 2
