A critical security vulnerability, CVE-2026-28318, has been detected in the Collibra Platform Agent, allowing remote code execution without authentication. The issue stems from inadequate handling of REST endpoints that expose sensitive functionality. A separate Zip Slip vulnerability (CVE-2026-10621) enables attackers to exploit file extraction processes to manipulate files outside intended directories. To mitigate these risks, urgent software updates are required for both SaaS and on-premises installations. Administrators are advised to restrict REST endpoint access from public networks and consistently monitor access logs.
Attackers exploit CVE-2026-28318 and Zip Slip in Collibra Agent
Article by CyberSIXT
Timeline Coverage
- Critical flaw in SolarWinds ServU lets attackers drain resources (cybersixt.com)
- CISA warns of DoS risk in SolarWinds Serv-U flaw CVE-2026-28318 (cybersixt.com)
- Verizon VoLTE flaw CVE-2026-28318 exposes calls to interception (cybersixt.com)
- SolarWinds ServU bug lets attackers drain system resources (cybersixt.com)
- Attackers exploit CVE-2026-28318 and Zip Slip in Collibra Agent (securityonline.info)
- Cryptographic Sanctuaries: OpenAI Unveils “Lockdown Mode” to Counter Prompt Injection Risks (cybersixt.com)
- CISA flags SolarWinds ServU DoS bug CVE-2026-28318 for patch (cybersixt.com)
- CISA Adds Exploited SolarWinds ServU DoS Vulnerability to KEV List (cybersixt.com)
- CISA Warns of Actively Exploited SolarWinds Serv-U Flaw (cybersixt.com)
- CISA warns of exploited SolarWinds Serv-U flaw, urges patching (cybersixt.com)
- CISA warns of active SolarWinds ServU exploit CVE-2026-28318 (cybersixt.com)
- CISA adds CVE-2026-28318 to KEV after SolarWinds ServU attacks (cybersixt.com)