CVE-2026-2818

HIGH

Spring Data Geode - Path Traversal

Title source: llm

Description

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

References (1)

[Various Sources] https://www.herodevs.com/vulnerability-directory/cve-2026-2818

Scores

CVSS v3 8.2

EPSS 0.0007

EPSS Percentile 20.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Classification

CWE

CWE-23

Status draft

Timeline

Published Feb 20, 2026

Tracked Since Feb 21, 2026