CVE-2026-2818

high VMware
CVSS v3 Base Score
8.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N
EPSS Score
0.3%
Exploitation probability in 30 days
Top 81% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
Low
Integrity
High
Availability
None
Published: February 20, 2026 (140 days ago)
Last Modified: June 30, 2026
Vendor: VMware
Source: MITRE

Description

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

CWE

CWE-23

Affected Products

VMware Spring Data GeodeVMware Spring Data Gemfire

References