CVE-2026-2817

Spring Data Geode Insecure Temporary Directory Usage

CVSS 4.8 MEDIUMEPSS 0.1%CWE-378 CWE-379 CWE-538

Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

VMware · Spring Data Gemfire VMware · Spring Data Geode

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.herodevs.com/vulnerability-directory/cve-2026-2817