CVE-2026-10621
Path traversal in the restore handler of Collibra Agent allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file paths during ZIP extraction, which can allow an attacker to write files outside the intended extraction directory.
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 2024.04.5
- Affected Products: 7
HarborGuard Analysis
Synopsis
A path traversal vulnerability (commonly called a "Zip Slip" attack) affects the restore handler in Collibra Agent, part of the Collibra Platform. The flaw is reachable over the network without any authentication, and it stems from missing path canonicalization during ZIP archive extraction. Successful exploitation lets an attacker write arbitrary files to any location on the host filesystem, enabling configuration tampering, backdoor placement, or further system compromise. Patched-image rebuilds at versions 2024.04.5, 2025.10.9, 2025.10.399, 2025.11.7, and 2026.02.6 are available on HarborGuard for affected environments.
HarborGuard Coverage
Detection of CVE-2026-10621 is available across every HarborGuard environment, with the CVE ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including internally built images that layer Collibra Agent. Coverage extends to both SaaS-deployed and on-prem image variants listed in the affected product matrix.
Triage is available with CVSS v3.1 scoring applied at a severity of HIGH (7.5), reflecting the network-reachable, no-auth, high-integrity-impact profile of this vulnerability. Per-environment compliance policy weighting is applied automatically, and the resulting finding is routed to the appropriate team inbox within each customer organization.
A patched-image rebuild at each applicable fix version (2024.04.5, 2025.10.9, 2025.10.399, 2025.11.7, 2026.02.6) becomes available on HarborGuard once the upstream fix is confirmed. For customers who opt into auto-remediation, the pipeline runs a rebuild, executes a regression test suite, and opens a PR against affected workloads automatically.
Exploit Conditions
- Network reachability: Required
  The restore handler is exposed over the network, meaning an attacker must be able to reach the Collibra Agent service to deliver a crafted ZIP archive.
- Authentication: Not required
  No credentials are needed; the CVSS vector specifies PR:N, so the restore endpoint can be targeted by any unauthenticated caller who can reach it.
- Victim interaction: Not required
  Exploitation is fully attacker-driven and requires no action from a user or administrator on the target system.
- Attack complexity: Low
  Attack complexity is rated Low (AC:L), meaning the exploit is straightforward and reliable, with no race conditions or special environmental prerequisites.
Blast Radius
- Attacker writes arbitrary files to any path on the host filesystem reachable by the Collibra Agent process.
- Attacker overwrites configuration files, startup scripts, or scheduled-task definitions to establish persistence or escalate privileges.
- Attacker places malicious executables or libraries in locations that are loaded by the platform at runtime.
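The root cause described in the synopsis and the blast radius above is the absence of a canonicalization check before each archive entry is written to disk. The following Python extractor is an added illustration of the check a restore handler needs; it is not Collibra's code and not HarborGuard's, and the archive it builds (`build_sample_archive`) is constructed here purely to exercise the check. The function names `resolve_inside`, `is_safe_entry`, `safe_extract` and `demo` are this example's own. (Python's own `zipfile.extractall` already strips such names; the check is spelled out explicitly so the failure mode is visible.)

```python
import io
import os
import tempfile
import zipfile
from pathlib import Path
from typing import List, Optional, Tuple


def resolve_inside(dest: Path, name: str) -> Optional[Path]:
    """Canonicalize an archive entry name against an already-resolved
    destination directory. Returns the absolute target path if it stays
    inside dest, or None if the entry would escape (absolute path, drive
    letter, or '..' components that climb above dest)."""
    # Absolute names and Windows drive letters never belong in a restore archive.
    if name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        return None
    # resolve() collapses '..' and follows any symlinks that already exist
    # in the prefix, so a symlinked subdirectory cannot be used to escape.
    target = (dest / name).resolve()
    if target != dest and dest not in target.parents:
        return None
    return target


def is_safe_entry(dest_dir: str, name: str) -> bool:
    """Convenience wrapper: True if entry `name` would land inside dest_dir."""
    return resolve_inside(Path(dest_dir).resolve(), name) is not None


def safe_extract(archive_bytes: bytes, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Extract a ZIP held in memory into dest_dir, skipping every entry whose
    canonical path escapes dest_dir. Returns (written, rejected) entry names
    so the caller can log rejected entries as a tamper indicator."""
    dest = Path(dest_dir).resolve()
    dest.mkdir(parents=True, exist_ok=True)
    written: List[str] = []
    rejected: List[str] = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = resolve_inside(dest, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                with zf.open(info) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            written.append(info.filename)
    return written, rejected


def build_sample_archive() -> bytes:
    """Constructed sample archive (not taken from the advisory): one
    legitimate entry plus two entries that an extractor without the
    canonicalization check would write outside the destination directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.yaml", "retries: 3\n")
        zf.writestr("../../escaped.sh", "# would land two levels above dest\n")
        zf.writestr("/absolute/path.txt", "absolute entry name\n")
    return buf.getvalue()


def demo() -> Tuple[List[str], List[str]]:
    """Run the safe extractor on the sample archive inside a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        written, rejected = safe_extract(build_sample_archive(), tmp)
        # Only the legitimate entry was materialized.
        assert (Path(tmp) / "config" / "settings.yaml").read_text() == "retries: 3\n"
    return written, rejected


if __name__ == "__main__":
    w, r = demo()
    print("written :", w)
    print("rejected:", r)
```

Two design points matter for a restore handler. First, the check runs on the fully resolved path, not on the raw entry name, so `sub/../ok.txt` is accepted (it lands inside the destination) while `../../escaped.sh` is rejected even though neither string contains an obviously hostile prefix. Second, rejected entries are returned rather than silently dropped: an archive submitted to an unauthenticated restore endpoint that contains escaping names is itself a detection signal worth logging.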
How HarborGuard Handles This
Available on HarborGuard: CVE-2026-10621 is matched against scanned images as soon as the advisory is ingested, typically within minutes of publication. Where images are found running an affected Collibra Agent version, a patched-image rebuild at the appropriate fix version is made available. For customers who have auto-remediation enabled, the pipeline rebuilds the image, runs regression tests, and opens a PR against the affected workload; for HIGH-severity issues, median time from CVE publication to a merged patch PR is around 90 minutes in environments with auto-remediation active. Customers who manage remediation manually will see the finding in their HarborGuard dashboard with CVSS scoring, affected image inventory, and fix-version guidance. Where compliance policy or operational constraints delay patching, compensating controls to consider include restricting network access to the Collibra Agent restore endpoint via network policy, applying egress filtering to limit post-exploitation reach, and auditing filesystem paths accessible to the Agent process.
Fix available
- Collibra / Collibra Platform (SaaS): < 2025.10.9 (from 2025.10)
- Collibra / Collibra Platform (SaaS): < 2025.11.7 (from 2025.11)
- Collibra / Collibra Platform (SaaS): < 2026.02.6 (from 2026.02)
- Collibra / Collibra Platform (SaaS): < 2026.03.4 (from 2026.03)
- Collibra / Collibra Platform (SaaS): < 2024.04.5 (from 2026.04)
- Collibra / Collibra Platform (on-prem): < 2026.03.356 (from 2026.03)
- Collibra / Collibra Platform (on-prem): < 2025.10.399 (from 2025.10)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N