Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)

8.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

Description

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

Basic Information

ID CVE-2026-2818

Source HeroDevs

Published Feb 20, 2026 at 16:03

Affected Product

Vendor VMware

Product Spring Data Geode

Version 2.0.0.RELEASE

Affected Versions VMware Spring Data Geode 2.0.0.RELEASE
VMware Spring Data Gemfire 1.7.0.RELEASE

CWE Classification

CWE-23

References

www.herodevs.com /vulnerability-directory/cve-2026-2818

{
    "lastseen": "",
    "description": "A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.",
    "published": "2026-02-20T16:03:21.032Z",
    "modified": "2026-02-20T16:03:21.032Z",
    "type": "cve",
    "title": "Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)",
    "source": "HeroDevs",
    "references": "https://www.herodevs.com/vulnerability-directory/cve-2026-2818",
    "id": "CVE-2026-2818",
    "bulletinFamily": "",
    "cwe": [
        "CWE-23"
    ],
    "cvelist": null,
    "sourceData": "VMware Spring Data Geode 2.0.0.RELEASE\nVMware Spring Data Gemfire 1.7.0.RELEASE",
    "sourceHref": "",
    "cvss": {
        "score": 8.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Spring Data Geode",
    "version": "2.0.0.RELEASE",
    "vendor": "VMware",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)_CVE-2026-2818