Collibra Agent
- >= 2026.05, < 2026.05.1
- >= 2026.04.5, < 2026.04.6
- >= 2026.03.4, < 2026.03.5
- >= 2026.02.6, < 2026.02.7
- >= 2025.11.7, < 2025.11.8
- >= 2025.10.9, < 2025.10.10
- >= 2026.03.356, < 2026.03.357
- >= 2025.10.399, < 2025.10.400
The Collibra Agent's REST API does not adequately enforce authentication or authorization on its '/rest/*' endpoints (improper authentication). A remote, unauthenticated attacker can therefore access privileged functionality and sensitive application data, reaching critical application features that could be exploited for malicious purposes.
Exploitation could lead to unauthorized access to sensitive application functionality, allowing attackers to gather information that could facilitate further exploitation. Chained with a related vulnerability (CVE-2026-10621), it could be used to achieve remote code execution on the affected system.
Users are advised to update to Collibra Platform versions 2026.05, 2026.04.5, 2026.03.4, 2026.02.6, 2025.11.7, or 2025.10.9. For Collibra Platform Self-Hosted, versions 2026.03 (Build 2026.03.356) or 2025.10 (Build 2025.10.399) should be used. Consult Collibra documentation and release notes for guidance on patching and deployment. Additionally, ensure that interfaces exposing REST endpoints are not accessible to untrusted networks and restrict access to management interfaces whenever possible.
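To check whether the '/rest/*' endpoints have been reachable from untrusted networks, the following added example (not Collibra code) audits access logs for such requests. It assumes a reverse proxy in front of the Agent writing combined-format logs; the trusted CIDRs, sample lines and request paths are constructed placeholders.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Assumptions: a reverse proxy in front of the Agent writes combined-format
# access logs, and these CIDRs are placeholders for your management networks.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "127.0.0.0/8")]

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)

def is_trusted(src):
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage are treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def is_rest_path(target):
    # Decode and normalise first so /ui/../rest/x and //rest/x are not missed.
    path = unquote(target.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path == "/rest" or path.startswith("/rest/")

def audit(lines):
    """Return (src, method, target, status, served) for /rest/* hits from untrusted sources."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_rest_path(m["target"]) or is_trusted(m["src"]):
            continue
        status = int(m["status"])
        # served=True means the request was not rejected (status below 400).
        findings.append((m["src"], m["method"], m["target"], status, status < 400))
    return findings

# Constructed sample log lines; the paths are placeholders, not real Agent endpoints.
SAMPLE = [
    '10.20.4.7 - - [01/Jan/2026:10:00:00 +0000] "GET /rest/placeholder HTTP/1.1" 200 512 "-" "curl"',
    '203.0.113.9 - - [01/Jan/2026:10:00:05 +0000] "GET /rest/placeholder HTTP/1.1" 200 512 "-" "curl"',
    '198.51.100.3 - - [01/Jan/2026:10:00:09 +0000] "POST /ui/..%2Frest/placeholder HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.9 - - [01/Jan/2026:10:00:12 +0000] "GET /restore/index.html HTTP/1.1" 200 90 "-" "-"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Findings with `served` set to true are the ones to review first, since the request reached the API and was answered rather than rejected.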