CVE-2026-10622

Summary

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints.

Affected Software

VendorProductVersion RangeStatus
CollibraCollibra Platform (on-prem)2026.03 < 2026.03.356affected
CollibraCollibra Platform (on-prem)2025.10 < 2025.10.399affected
CollibraCollibra Platform (SaaS)2026.04 < 2026.04.5affected
CollibraCollibra Platform (SaaS)2026.03 < 2026.03.4affected
CollibraCollibra Platform (SaaS)2026.02 < 2026.02.6affected
CollibraCollibra Platform (SaaS)2025.11 < 2025.11.7affected
CollibraCollibra Platform (SaaS)2025.10 < 2025.10.9affected

Weaknesses

  • CWE-306 Missing Authentication for Critical Function
  • CWE-287 Improper Authentication

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References