Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities found for Spring Data Gemfire by VMware
CVE-2026-2818 (GCVE-0-2026-2818)
Vulnerability from nvd – Published: 2026-02-20 16:03 – Updated: 2026-02-20 20:12 Unsupported When Assigned X_Open Source
VLAI
Title
Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)
Summary
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Data Geode |
Affected:
2.0.0.RELEASE , ≤ 2.7.18
(maven)
|
|
| VMware | Spring Data Gemfire |
Affected:
1.7.0.RELEASE , ≤ 2.2.13.RELEASE
(maven)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:12:17.872342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:12:35.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-geode",
"product": "Spring Data Geode",
"repo": "https://github.com/spring-attic/spring-data-geode",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.7.18",
"status": "affected",
"version": "2.0.0.RELEASE",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-gemfire",
"product": "Spring Data Gemfire",
"repo": "https://github.com/spring-attic/spring-data-gemfire",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.2.13.RELEASE",
"status": "affected",
"version": "1.7.0.RELEASE",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A zip-slip path traversal vulnerability in Spring Data Geode\u0027s import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.\u003cbr\u003e"
}
],
"value": "A zip-slip path traversal vulnerability in Spring Data Geode\u0027s import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
},
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:03:21.032Z",
"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"shortName": "HeroDevs"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2818"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_open-source"
],
"title": "Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"assignerShortName": "HeroDevs",
"cveId": "CVE-2026-2818",
"datePublished": "2026-02-20T16:03:21.032Z",
"dateReserved": "2026-02-19T17:07:41.627Z",
"dateUpdated": "2026-02-20T20:12:35.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2817 (GCVE-0-2026-2817)
Vulnerability from nvd – Published: 2026-02-19 17:18 – Updated: 2026-02-20 20:31 Unsupported When Assigned X_Open Source
VLAI
Title
Spring Data Geode Insecure Temporary Directory Usage
Summary
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Data Geode |
Affected:
2.0.0.RELEASE , ≤ 2.7.18
(maven)
|
|
| VMware | Spring Data Gemfire |
Affected:
1.7.0.RELEASE , ≤ 2.2.13.RELEASE
(maven)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:31:34.178282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:31:49.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-geode",
"product": "Spring Data Geode",
"repo": "https://github.com/spring-attic/spring-data-geode",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.7.18",
"status": "affected",
"version": "2.0.0.RELEASE",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-gemfire",
"product": "Spring Data Gemfire",
"repo": "https://github.com/spring-attic/spring-data-gemfire",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.2.13.RELEASE",
"status": "affected",
"version": "1.7.0.RELEASE",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u0026nbsp;contents, leading to unintended exposure of cache data."
}
],
"value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u00a0contents, leading to unintended exposure of cache data."
}
],
"impacts": [
{
"capecId": "CAPEC-149",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-149 Explore for Predictable Temporary File Names"
}
]
},
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:18:09.839Z",
"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"shortName": "HeroDevs"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_open-source"
],
"title": "Spring Data Geode Insecure Temporary Directory Usage",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"assignerShortName": "HeroDevs",
"cveId": "CVE-2026-2817",
"datePublished": "2026-02-19T17:18:09.839Z",
"dateReserved": "2026-02-19T17:07:39.475Z",
"dateUpdated": "2026-02-20T20:31:49.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2818 (GCVE-0-2026-2818)
Vulnerability from cvelistv5 – Published: 2026-02-20 16:03 – Updated: 2026-02-20 20:12 Unsupported When Assigned X_Open Source
VLAI
Title
Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)
Summary
A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.
Severity
8.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Data Geode |
Affected:
2.0.0.RELEASE , ≤ 2.7.18
(maven)
|
|
| VMware | Spring Data Gemfire |
Affected:
1.7.0.RELEASE , ≤ 2.2.13.RELEASE
(maven)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:12:17.872342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:12:35.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-geode",
"product": "Spring Data Geode",
"repo": "https://github.com/spring-attic/spring-data-geode",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.7.18",
"status": "affected",
"version": "2.0.0.RELEASE",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-gemfire",
"product": "Spring Data Gemfire",
"repo": "https://github.com/spring-attic/spring-data-gemfire",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.2.13.RELEASE",
"status": "affected",
"version": "1.7.0.RELEASE",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A zip-slip path traversal vulnerability in Spring Data Geode\u0027s import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.\u003cbr\u003e"
}
],
"value": "A zip-slip path traversal vulnerability in Spring Data Geode\u0027s import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
},
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:03:21.032Z",
"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"shortName": "HeroDevs"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2818"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_open-source"
],
"title": "Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"assignerShortName": "HeroDevs",
"cveId": "CVE-2026-2818",
"datePublished": "2026-02-20T16:03:21.032Z",
"dateReserved": "2026-02-19T17:07:41.627Z",
"dateUpdated": "2026-02-20T20:12:35.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2817 (GCVE-0-2026-2817)
Vulnerability from cvelistv5 – Published: 2026-02-19 17:18 – Updated: 2026-02-20 20:31 Unsupported When Assigned X_Open Source
VLAI
Title
Spring Data Geode Insecure Temporary Directory Usage
Summary
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.
Severity
4.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| VMware | Spring Data Geode |
Affected:
2.0.0.RELEASE , ≤ 2.7.18
(maven)
|
|
| VMware | Spring Data Gemfire |
Affected:
1.7.0.RELEASE , ≤ 2.2.13.RELEASE
(maven)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T20:31:34.178282Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T20:31:49.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-geode",
"product": "Spring Data Geode",
"repo": "https://github.com/spring-attic/spring-data-geode",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.7.18",
"status": "affected",
"version": "2.0.0.RELEASE",
"versionType": "maven"
}
]
},
{
"defaultStatus": "unaffected",
"packageName": "org.springframework.data:spring-data-gemfire",
"product": "Spring Data Gemfire",
"repo": "https://github.com/spring-attic/spring-data-gemfire",
"vendor": "VMware",
"versions": [
{
"lessThanOrEqual": "2.2.13.RELEASE",
"status": "affected",
"version": "1.7.0.RELEASE",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u0026nbsp;contents, leading to unintended exposure of cache data."
}
],
"value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u00a0contents, leading to unintended exposure of cache data."
}
],
"impacts": [
{
"capecId": "CAPEC-149",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-149 Explore for Predictable Temporary File Names"
}
]
},
{
"capecId": "CAPEC-155",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-155 Screen Temporary Files for Sensitive Information"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-538",
"description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-378",
"description": "CWE-378: Creation of Temporary File With Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-379",
"description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-19T17:18:09.839Z",
"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"shortName": "HeroDevs"
},
"references": [
{
"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817"
}
],
"source": {
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned",
"x_open-source"
],
"title": "Spring Data Geode Insecure Temporary Directory Usage",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c",
"assignerShortName": "HeroDevs",
"cveId": "CVE-2026-2817",
"datePublished": "2026-02-19T17:18:09.839Z",
"dateReserved": "2026-02-19T17:07:39.475Z",
"dateUpdated": "2026-02-20T20:31:49.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}