CVE-2026-2818

CVSS v3.1

8.2

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

Fix

Relative Path Traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-23

Related Identifiers

CVE-2026-2818

Affected Products

Spring Data Gemfire

Spring Data Geode

CVE-2026-2818

Weakness Enumeration

Related Identifiers

Affected Products

References · 2