Privileged REST Endpoints and Zip Slip Vulnerability Threaten Data Clusters
A threat notice has been issued for corporate enterprise data management environments. Multiple installations face severe risk from newly discovered flaws in the Collibra Platform Agent. These flaws allow remote actors to bypass security boundaries or execute arbitrary system commands. Because exploitation does not require authentication, deployments reachable from the public internet may be at significant risk. Consequently, administrators must verify which software version they are running immediately to prevent unauthorized takeover of their systems.
Unauthenticated Access to Privileged REST Endpoints
To begin with, the underlying bug resides within the standalone agent service, which incorrectly handles specific administrative request paths. According to the vulnerability note from CERT/CC, “CVE-2026-10622 Privileged REST endpoints exposed under /rest/* do not properly enforce authentication or authorization.” Therefore, an unauthenticated remote adversary can interact with sensitive application functionality to map the file system. Furthermore, the hosting web service binds to all available network interfaces regardless of the local installer settings.
Weaponizing the Zip Slip Archive Extraction
Subsequently, the attacker chains this visibility with a dangerous file extraction defect. The advisory notes that developers identified a Zip Slip vulnerability (CVE-2026-10621) in the agent's extraction routines. This gap allows an entry in a crafted archive to escape the intended directory boundaries. For example, an attacker can write a malicious JSP web shell directly into a web-accessible folder. When requested over HTTP, that file triggers arbitrary remote code execution in the root user's context.
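The Zip Slip defect class described above comes from extractors that trust the entry names stored inside the archive. The following Python example is added here and is not Collibra code or code from the advisory: it builds a constructed archive with one benign entry and two entries whose names point outside the extraction directory, shows where an unchecked os.path.join would place them, and extracts with a hardened check that confines every entry to the resolved extraction root. The archive contents, entry names and the demo directory are all constructed for the example.

```python
"""Zip Slip (the defect class behind CVE-2026-10621) in a hand-rolled extractor.

Added example, not Collibra code. A constructed archive carries one benign entry
and two entries whose names point outside the extraction directory; the naive
destination calculation shows where an unchecked extractor would write them,
and the hardened extractor refuses them.
"""
import io
import os
import tempfile
import zipfile
from pathlib import Path


def build_constructed_archive() -> bytes:
    """Constructed sample archive (not an artifact from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/agent.properties", "agent.port=8080\n")
        # Relative traversal: the classic Zip Slip entry name.
        zf.writestr("../../webapps/ROOT/dropped.jsp", "placeholder\n")
        # Absolute entry name: same defect class, different spelling.
        zf.writestr("/tmp/absolute.txt", "placeholder\n")
    return buf.getvalue()


def naive_destinations(archive: bytes, dest: str) -> dict:
    """Where os.path.join(dest, entry_name) with no check would place each entry.
    Paths are only computed, never written; two of them land outside dest."""
    out = {}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name in zf.namelist():
            out[name] = os.path.normpath(os.path.join(dest, name))
    return out


def safe_target(root, member: str) -> Path:
    """Hardened path calculation: resolve the candidate and require it to sit
    inside the resolved extraction root, which rejects '..' and absolute names."""
    root = Path(root).resolve()
    candidate = (root / member).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"entry escapes extraction root: {member!r}")
    return candidate


def escapes_root(root, member: str) -> bool:
    """True when the hardened check would reject this entry name."""
    try:
        safe_target(root, member)
    except ValueError:
        return True
    return False


def extract_hardened(archive: bytes, dest: str) -> dict:
    """Extract only entries that pass safe_target; report what was skipped."""
    outcome = {"written": [], "rejected": []}
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            try:
                target = safe_target(dest, info.filename)
            except ValueError:
                outcome["rejected"].append(info.filename)
                continue
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            outcome["written"].append(info.filename)
    return outcome


def demo() -> dict:
    """Run both views on the constructed archive inside a throwaway directory."""
    archive = build_constructed_archive()
    with tempfile.TemporaryDirectory() as dest:
        naive = naive_destinations(archive, dest)
        escaped = sorted(n for n, p in naive.items() if not p.startswith(dest + os.sep))
        outcome = extract_hardened(archive, dest)
        all_present = all((Path(dest) / n).is_file() for n in outcome["written"])
    return {"naive_escaped": escaped, "all_written_present": all_present, **outcome}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check resolves both the root and the candidate before comparing them, so symlinked temp directories and mixed relative/absolute entry names are handled the same way; rejecting an entry rather than silently renaming it also leaves an audit trail of which archive tried to escape.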
Mandatory Patches and Server Hardening
Ultimately, neutralizing these flaws requires immediate deployment of the official vendor updates. Collibra has released fixed builds for both SaaS and self-hosted on-premise installations. On-premise administrators must upgrade their fleets to version 2026.03 or 2025.10 right away. Additionally, administrators should ensure that interfaces exposing the REST endpoints are not reachable from untrusted public networks. Finally, continuous monitoring of local access logs helps identify unauthorized script execution early.
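The two conditions the advisory describes, REST calls reaching the agent from networks that should never see it and JSP files served from a location where the application keeps none, both leave traces in ordinary access logs. The following Python example is added here and is not Collibra tooling: it parses Common Log Format lines and flags both patterns. The sample log lines, the trusted network ranges, the endpoint names under /rest/ and the legitimate JSP prefix are all constructed assumptions for the example and must be replaced with a deployment's own values.

```python
"""Access-log triage for REST requests from untrusted networks and JSP files
served outside the application's known location.

Added example, not Collibra tooling. Log lines, trusted networks, endpoint
names and the JSP prefix are constructed assumptions for this example.
"""
import ipaddress
import re
from collections import Counter

# Assumed: only these internal ranges are allowed to reach /rest/* at all.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
# Assumed: the only path prefix under which the application legitimately serves JSP.
KNOWN_JSP_PREFIXES = ("/app/",)

# Common Log Format with the request line split into method and path.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)$'
)

# Constructed sample log; the /rest/example/... names are invented, not the product's paths.
SAMPLE_LOG = """\
10.1.2.3 - - [12/Mar/2026:10:00:01 +0000] "GET /app/index.jsp HTTP/1.1" 200 512
10.1.2.3 - - [12/Mar/2026:10:00:02 +0000] "GET /rest/example/status HTTP/1.1" 200 88
203.0.113.7 - - [12/Mar/2026:10:00:10 +0000] "GET /rest/example/list?page=1 HTTP/1.1" 200 4096
203.0.113.7 - - [12/Mar/2026:10:00:12 +0000] "POST /rest/example/upload HTTP/1.1" 200 17
203.0.113.7 - - [12/Mar/2026:10:00:15 +0000] "GET /ROOT/dropped.jsp HTTP/1.1" 200 230
198.51.100.9 - - [12/Mar/2026:10:00:20 +0000] "GET /ROOT/probe.jsp HTTP/1.1" 404 0
"""


def parse_line(line: str):
    """Return the fields of one CLF line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    fields["path"] = fields["path"].split("?", 1)[0]  # drop the query string
    return fields


def is_trusted(ip: str) -> bool:
    """True if the source address falls inside an allowed internal range.
    Anything that is not a parseable address is treated as untrusted."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def analyze(log_text: str) -> list:
    """Flag REST requests from untrusted sources and successful JSP requests
    outside the known application prefix. A 404 on a JSP path means no such
    file was served, so this rule records nothing for it."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].startswith("/rest/") and not is_trusted(rec["ip"]):
            findings.append({"ip": rec["ip"], "path": rec["path"], "reason": "rest-from-untrusted"})
        if (rec["path"].lower().endswith(".jsp")
                and rec["status"] < 400
                and not rec["path"].startswith(KNOWN_JSP_PREFIXES)):
            findings.append({"ip": rec["ip"], "path": rec["path"], "reason": "jsp-outside-app"})
    return findings


def by_source(findings: list) -> dict:
    """Count findings per source address so the noisiest client surfaces first."""
    return dict(Counter(f["ip"] for f in findings))


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['reason']:20} {f['ip']:15} {f['path']}")
    print(by_source(analyze(SAMPLE_LOG)))
```

The REST rule is a network-boundary check expressed over logs: once the endpoints are restricted to trusted networks as the advisory recommends, any remaining hit from outside those ranges is a misconfiguration or a bypass and deserves a ticket. The JSP rule only fires on successful responses, because a served JSP outside the application's own directory is exactly the artifact a Zip Slip write would leave behind.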