HIGHCVE-2026-2818Published Modified CNA HeroDevs
CVE-2026-2818: Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
Metrics
- CVSS v3.1
- 8.2
- Severity
- HIGH
- Fixed in
- —
- Affected Products
- 2
Affected packages
- VMware / Spring Data Geode≤ 2.7.18
- VMware / Spring Data Gemfire≤ 2.2.13.RELEASE
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:NReferences