CVE-2026-2817

Medium CVSS: 4.8

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.

Vendor

Product

CWE

CWE-378

Yayın Tarihi

2026-02-19 18:25:00

Güncelleme

2026-02-20 13:49:47

Source Identifier

36c7be3b-2937-45df-85ea-ca7133ea542c

KEV Date Added

Kategoriler

CWE-378 MEDIUM 2026

Referanslar

https://www.herodevs.com/vulnerability-directory/cve-2026-2817