PT-2026-21245 · VMware · Spring Data Geode

Published 2026-02-20 · Updated 2026-02-20 · CVE-2026-2818

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Spring Data Geode (affected versions not specified)

Description
A zip-slip path traversal flaw exists in the import snapshot functionality of Spring Data Geode. It allows an attacker to write files outside the intended extraction directory by supplying a crafted ZIP archive. The vulnerability appears to affect Windows OS only. The flaw could lead to critical system files or sensitive data being overwritten.

Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
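
With no fixed version listed, one stopgap is to screen snapshot archives before they reach the import function. The following is an added example, not Spring Data Geode code: it resolves each entry name under Windows path rules (via Python's `ntpath`, so it runs on any host) and reports entries that would land outside the extraction directory. The directory `C:\geode\import` and all entry names are constructed assumptions.

```python
import io
import ntpath  # Windows path semantics, usable on any host OS
import zipfile

# Hypothetical extraction directory; substitute the real import location.
DEST = r"C:\geode\import"


def unsafe_entries(zip_bytes, dest=DEST):
    """Return entry names that would resolve outside dest on Windows."""
    root = ntpath.normcase(ntpath.normpath(dest))
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.orig_filename  # raw name exactly as stored in the archive
            # A drive letter or UNC prefix means the entry ignores dest entirely.
            drive, _ = ntpath.splitdrive(name)
            # Join and collapse ".." treating both "\" and "/" as separators.
            target = ntpath.normcase(ntpath.normpath(ntpath.join(root, name)))
            inside = target.startswith(root + "\\")
            if drive or not inside:
                flagged.append(name)
    return flagged


def build_sample():
    """Constructed test archive: two in-tree entries, three that escape."""
    names = (
        "snapshot/region.gfd",   # stays inside
        "data\\..\\ok.txt",      # ".." used, but still resolves inside
        "..\\..\\outside.txt",   # backslash traversal
        "../outside2.txt",       # forward-slash traversal
        "C:\\Temp\\abs.txt",     # absolute path with drive letter
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"x")
    return buf.getvalue()


if __name__ == "__main__":
    for entry in unsafe_entries(build_sample()):
        print("REJECT", entry)
```

An archive for which `unsafe_entries` returns anything should be rejected whole rather than partially imported.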

Weakness Enumeration
Relative Path Traversal

Related Identifiers
CVE-2026-2818

Affected Products
Spring Data Geode