HIGH 8.2

CVE-2026-10622: Collibra Agent Unauthenticated REST API Access (CVSS 8.2)

Collibra Agent contains a flaw in how it authenticates users to its REST API. The vulnerability allows someone from the internet to call administrative functions through REST endpoints without providing valid credentials. An attacker can exploit this to gain unauthorized access to sensitive functionality that should be restricted to authenticated administrators.

Source data · NVD / CISA · public domain

CVSS
3.1 · 8.2 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Weaknesses (CWE)
Affected products
0 configuration(s)
Published / Modified
2026-06-02 / 2026-06-17

NVD description (verbatim)

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/* endpoints.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

CVE-2026-10622 is an improper authentication vulnerability affecting Collibra Agent's REST API layer. Unauthenticated HTTP requests to `/rest/*` endpoints bypass authentication controls, granting access to privileged operations. The CVSS 3.1 vector (8.2 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N) indicates network-accessible endpoints with no special conditions or privileges required. The high confidentiality impact and lower integrity impact suggest data exfiltration risk with some modification capability, but no availability impact.

Business impact

Unauthorized access to Collibra Agent's administrative API exposes organizational metadata governance controls. Attackers could enumerate or exfiltrate sensitive data governance policies, lineage information, or compliance metadata without detection. The integrity component indicates potential for malicious modification of policies or data classifications, risking compliance violations and operational misconfiguration.

Affected systems

Collibra Agent deployments are affected. Specific affected versions and products are not detailed in available advisories. Organizations running Collibra Agent should immediately verify their installation version against vendor guidance and confirm whether their deployment exposes REST endpoints to untrusted networks.

Exploitability

This vulnerability is straightforward to exploit. No special conditions, authentication, or user interaction are required—an attacker only needs network access to the affected REST endpoints. The low attack complexity and absence of privilege requirements make this a practical risk for any Collibra Agent instance exposed to the internet or an untrusted network segment. As of the published date, this vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, though active exploitation in the wild cannot be ruled out.

Remediation

Apply vendor patches or mitigations as documented by Collibra. Verify patch availability and version compatibility. As an interim control, restrict network access to REST endpoints using firewall rules or reverse proxy authentication. Place Collibra Agent behind a WAF or API gateway enforcing authentication. Review access logs for suspicious unauthenticated API calls.

Patch guidance

Consult Collibra's official security advisory for available patches and affected versions. Apply patches to all Collibra Agent instances after testing in a non-production environment. Verify successful patching by confirming that `/rest/*` endpoints now reject unauthenticated requests with proper HTTP 401 or 403 responses. Note: specific patch version numbers should be verified against the vendor advisory.

Detection guidance

Monitor access logs and API request logs for unauthenticated calls to `/rest/*` endpoints, particularly those with administrative intent (user creation, policy modification, data export). Watch for HTTP 200 or 201 responses to requests lacking Authorization headers. Implement alerting for failed or successful authentication bypass attempts. Network IDS signatures may detect reconnaissance of REST endpoints. Review outbound data flows for unusual exfiltration patterns.

Why prioritize this

The combination of network accessibility, zero authentication requirements, and high confidentiality impact makes this a critical-priority remediation. Administrative REST API access is a high-value target; any unauthenticated access to such endpoints represents a material risk to governance and compliance posture. Prioritize patching or network isolation immediately, especially for Collibra deployments storing sensitive business metadata or regulatory classifications.

Risk score, explained

CVSS 3.1 score of 8.2 (HIGH) reflects the ease of exploitation (network-accessible, no authentication, no user interaction) combined with substantial confidentiality impact and some integrity risk. The vector emphasizes that this is a remote, low-complexity attack requiring no privileges. Confidentiality is rated 'high' due to unrestricted access to administrative API functions; integrity is 'low' because modification capability is present but not the primary impact. Availability is not impacted.

Frequently asked questions

Is there a public exploit for CVE-2026-10622?

As of the published date (June 2, 2026), this vulnerability is not listed on the CISA KEV catalog, indicating no documented public exploit has been formally tracked. However, the simplicity of the vulnerability—unauthenticated REST API access—means exploitation is trivial and likely does not require sophisticated tooling. Do not assume lack of public disclosure means no active exploitation.

How can we quickly reduce risk if we cannot patch immediately?

Implement network-level access controls: restrict inbound connections to Collibra Agent's REST endpoints using firewall rules, security groups, or network ACLs. Only permit traffic from trusted administrative networks. Deploy a WAF or API gateway in front of Collibra that enforces pre-authentication or token validation. Monitor access logs for suspicious patterns. These measures buy time for patch testing and deployment.

What data could an attacker access through unauthenticated REST endpoints?

Collibra Agent manages data governance, metadata, lineage, and policy information. Unauthenticated REST access could expose business glossaries, data classifications, compliance tags, lineage mappings, and policy definitions. The attacker could also potentially modify policies or classifications (indicated by the 'low' integrity impact), introducing compliance violations or operational confusion.

Should we assume this affects all versions of Collibra Agent?

Until vendor guidance specifies affected versions, treat all deployments as potentially vulnerable. Check Collibra's official security advisory for the exact version range. Do not assume older or newer versions are safe without explicit vendor confirmation. When patching becomes available, verify version-specific applicability before deployment.

This analysis is based on the published CVE record and vendor descriptions as of the modification date (June 17, 2026). Specific affected product versions, patch release information, and detailed vendor guidance are not included here and must be obtained directly from Collibra's official security advisory. Organizations should verify their Collibra deployment version and consult with Collibra support for patch availability and compatibility. SEC.co makes no warranty regarding the completeness or accuracy of vendor-provided information. This vulnerability analysis does not constitute professional security advice and should be reviewed by qualified security personnel within your organization's risk management framework. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).