19 matches found
CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-10621 CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
EUVD-2026-33932
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-10621
CVE-2026-10621 : Path traversal (Zip Slip) in Collibra Agent during ZIP extraction allows a remote attacker to write arbitrary files outside the extraction directory via a crafted ZIP archive, notably through POST /rest/restore. Exploitation can lead to remote code execution when a malicious JSP ...
CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-10621 CVE-2026-10621
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
CVE-2026-10622 CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
EUVD-2026-33930
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
CVE-2026-10622 CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
CVE-2026-10622
CVE-2026-10622 concerns the Collibra Agent and exposes remote unauthenticated access via exposed REST endpoints (/rest/*). The issue stems from improper authentication/authorization for privileged functionality, enabling remote attackers to interact with sensitive functionality. CVSS v3.1 vector:...
PT-2026-45746
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
PT-2026-45765
A critical chain of vulnerabilities in the Collibra Platform Agent, including CVE-2026-26847 improper authentication and path traversal, allows remote, unauthenticated attackers to achieve Remote Code Execution RCE. Technical Breakdown: Vulnerability Chain: Attackers can exploit improperly...
PT-2026-45745
Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file path during ZIP extraction, this can allow an attacker to write files outside the intended extraction directo...
tableau-dev2.collibra.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1149625 Security Researcher OakdaleHutch Helped patch 26 vulnerabilities Received 1 Coordinated Disclosure badges , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting tableau-dev2.collibra.com website and its users...
Collibra: Access to the database on onboarding.collibra.com
Summary: During the study, it was discovered that port 9306 was open on this server, which is open to the Sphinx service. I was able to connect to the internal database. Steps To Reproduce: 1. Discovery of open port 9306, on which service Sphinx is running screenshot 0 2. Connection to the databa...