Improper Authentication in the REST API of Collibra Agent allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/*' endpoints.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
CVE-2026-10622 represents a critical authentication bypass vulnerability in Collibra Agent's REST API endpoints. An unauthenticated attacker can access privileged functionality through exposed '/rest/*' endpoints, allowing them to potentially manipulate data governance configurations, extract sensitive metadata, or escalate privileges within the platform. This vulnerability affects organizations relying on Collibra for data cataloging and governance—critical infrastructure for regulated industries handling sensitive data. The high CVSS score of 8.2 reflects the severity of unrestricted access to administrative functions without proper identity verification.
While CVE-2026-10622 doesn't map to specific MITRE ATT&CK techniques in its current advisory, Casky's platform with extended reasoning capabilities would detect the underlying attack patterns associated with Improper Authentication (CWE-287 category attacks). Practitioners using Casky's 754 security skills would identify reconnaissance activities probing for exposed endpoints (T1592: Gather Victim Identity Information), followed by exploitation attempts leveraging the authentication bypass. The platform's Claude AI would flag suspicious patterns of unauthenticated API calls accessing restricted resources, anomalous privilege escalation sequences, and lateral movement indicators suggesting post-compromise activity. Real-world detection would reveal repeated `/rest/*` requests from external sources lacking valid authentication tokens, permission grants issued without proper identity validation, and configuration changes originating from unauthenticated sessions—all critical signals for immediate containment and patching.
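The detection signal described above (`/rest/*` requests that carry no authentication token, especially ones that are served to external sources) can be checked against proxy logs. The following is an added example, not code from Casky or Collibra; the JSON-lines log format, its field names (`src`, `method`, `path`, `status`, `has_auth`), the sample paths and the internal address ranges are all assumptions to adapt to your own reverse proxy.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample: JSON-lines access log from a hypothetical reverse proxy
# in front of the agent. Field names and paths are assumptions for this
# example, not Collibra's own log format or endpoint names.
SAMPLE_LOG = """\
{"src": "10.0.4.17", "method": "GET", "path": "/rest/jobs", "status": 200, "has_auth": true}
{"src": "203.0.113.50", "method": "GET", "path": "/rest/jobs", "status": 200, "has_auth": false}
{"src": "203.0.113.50", "method": "POST", "path": "/rest/config", "status": 200, "has_auth": false}
{"src": "203.0.113.50", "method": "GET", "path": "/rest/status", "status": 401, "has_auth": false}
{"src": "198.51.100.9", "method": "GET", "path": "/health", "status": 200, "has_auth": false}
{"src": "10.0.4.22", "method": "GET", "path": "/rest/jobs", "status": 200, "has_auth": false}
not-json garbage line
"""

# Assumed internal ranges; replace with the networks your agents live on.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def find_unauthenticated_rest_access(log_text):
    """Return {source: [events]} for /rest/* requests that carried no auth token."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            src, path, status = rec["src"], rec["path"], int(rec["status"])
            ip = ipaddress.ip_address(src)
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete record: skip, do not crash
        if not path.startswith("/rest/") or rec.get("has_auth"):
            continue
        findings[src].append({
            "method": rec.get("method"), "path": path, "status": status,
            "served": 200 <= status < 300,  # 2xx without a token is the bypass signal
            "external": not any(ip in net for net in INTERNAL_NETS),
        })
    return dict(findings)

def triage(findings):
    """Sources with at least one external, unauthenticated, served /rest/* request."""
    return sorted(src for src, events in findings.items()
                  if any(e["served"] and e["external"] for e in events))

if __name__ == "__main__":
    hits = find_unauthenticated_rest_access(SAMPLE_LOG)
    for src in triage(hits):
        print(src, [(e["method"], e["path"], e["status"]) for e in hits[src]])
```

Internal sources that were served without a token (here `10.0.4.22`) stay in the findings but out of the triage list; they still indicate that authentication is not being enforced on that path.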
© 2026 Casky.AI, Inc. · AI Security Investigation