CVE-2026-2818

Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)

Description

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

INFO

Published Date :

2026-02-20T16:03:21.032Z

Last Modified :

2026-02-20T20:12:35.205Z

Source :

HeroDevs

AFFECTED PRODUCTS

The following products are affected by CVE-2026-2818 vulnerability.

Vendors	Products
Vmware	Spring Data Gemfire Spring Data Geode

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-2818.

URL	Resource
https://nvd.nist.gov/vuln/detail/CVE-2026-2818
https://www.cve.org/CVERecord?id=CVE-2026-2818
https://www.herodevs.com/vulnerability-directory/cve-2026-2818

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact