CVE-2026-10621

7.5 HIGH

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive

Published: 2026-06-02 · Last updated: 2026-06-02

Severity and scoring

CVSS: 7.5 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directory.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2026-10621
[Other]https://kb.cert.org/vuls/id/873170
[Other]https://www.collibra.com/