{"api_version":"1","generated_at":"2026-07-14T12:44:04+00:00","cve":"CVE-2026-2818","urls":{"html":"https://cve.report/CVE-2026-2818","api":"https://cve.report/api/cve/CVE-2026-2818.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-2818","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-2818"},"summary":{"title":"Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)","description":"A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.","state":"PUBLISHED","assigner":"HeroDevs","published_at":"2026-02-20 17:25:57","updated_at":"2026-06-30 03:18:21"},"problem_types":["CWE-23","CWE-22","CWE-23 CWE-23 Relative Path Traversal","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"3.1","source":"ADP","type":"CVSS","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.1"}},{"version":"3.1","source":"36c7be3b-2937-45df-85ea-ca7133ea542c","type":"Secondary","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"}},{"version":"3.1","source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","score":"7.1","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"8.2","severity":"HIGH","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","version":"3.1"}}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441384","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2441384","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2818.json","name":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2818.json","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://access.redhat.com/security/cve/CVE-2026-2818","name":"https://access.redhat.com/security/cve/CVE-2026-2818","refsource":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-2818","name":"https://www.herodevs.com/vulnerability-directory/cve-2026-2818","refsource":"36c7be3b-2937-45df-85ea-ca7133ea542c","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-2818","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2818","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"VMware","product":"Spring Data Geode","version":"affected 2.0.0.RELEASE 2.7.18 maven","platforms":[]},{"source":"CNA","vendor":"VMware","product":"Spring Data Gemfire","version":"affected 1.7.0.RELEASE 2.2.13.RELEASE maven","platforms":[]},{"source":"ADP","vendor":"Red Hat","product":"Red Hat Fuse 7","version":"","platforms":[]}],"timeline":[{"source":"ADP","time":"2026-02-20T17:03:16.830Z","lang":"en","value":"Reported to Red Hat."},{"source":"ADP","time":"2026-02-20T16:03:21.032Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"2818","cve":"CVE-2026-2818","epss":"0.002720000","percentile":"0.189750000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-2818","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-02-20T20:12:17.872342Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-20T20:12:35.205Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"},{"affected":[{"cpes":["cpe:/a:redhat:jboss_fuse:7"],"defaultStatus":"unaffected","product":"Red Hat Fuse 7","vendor":"Red Hat"}],"datePublic":"2026-02-20T16:03:21.032Z","descriptions":[{"lang":"en","value":"A flaw was found in Spring Data Geode. This zip-slip path traversal vulnerability in the import snapshot functionality allows attackers to write files outside the intended extraction directory. This can lead to unauthorized modification of system files or the introduction of malicious content. This vulnerability primarily affects systems running on Windows operating systems."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Important"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":7.1,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-22","description":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T02:45:25.656Z","orgId":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","shortName":"redhat-SADP"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2026-2818"},{"name":"RHBZ#2441384","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441384"},{"tags":["x_sadp-csaf-vex"],"url":"https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-2818.json"}],"timeline":[{"lang":"en","time":"2026-02-20T17:03:16.830Z","value":"Reported to Red Hat."},{"lang":"en","time":"2026-02-20T16:03:21.032Z","value":"Made public."}],"title":"org.springframework.data/spring-data-geode: Spring Data Geode: Path traversal vulnerability allows arbitrary file write via import snapshot functionality.","x_adpType":"supplier","x_generator":{"engine":"sadp-cli 1.0.0"}}],"cna":{"affected":[{"defaultStatus":"unaffected","packageName":"org.springframework.data:spring-data-geode","product":"Spring Data Geode","repo":"https://github.com/spring-attic/spring-data-geode","vendor":"VMware","versions":[{"lessThanOrEqual":"2.7.18","status":"affected","version":"2.0.0.RELEASE","versionType":"maven"}]},{"defaultStatus":"unaffected","packageName":"org.springframework.data:spring-data-gemfire","product":"Spring Data Gemfire","repo":"https://github.com/spring-attic/spring-data-gemfire","vendor":"VMware","versions":[{"lessThanOrEqual":"2.2.13.RELEASE","status":"affected","version":"1.7.0.RELEASE","versionType":"maven"}]}],"descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.<br>"}],"value":"A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only."}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]},{"capecId":"CAPEC-139","descriptions":[{"lang":"en","value":"CAPEC-139 Relative Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":8.2,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"NONE","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-23","description":"CWE-23 Relative Path Traversal","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-02-20T16:03:21.032Z","orgId":"36c7be3b-2937-45df-85ea-ca7133ea542c","shortName":"HeroDevs"},"references":[{"url":"https://www.herodevs.com/vulnerability-directory/cve-2026-2818"}],"source":{"discovery":"EXTERNAL"},"tags":["unsupported-when-assigned","x_open-source"],"title":"Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)","x_generator":{"engine":"Vulnogram 0.5.0"}}},"cveMetadata":{"assignerOrgId":"36c7be3b-2937-45df-85ea-ca7133ea542c","assignerShortName":"HeroDevs","cveId":"CVE-2026-2818","datePublished":"2026-02-20T16:03:21.032Z","dateReserved":"2026-02-19T17:07:41.627Z","dateUpdated":"2026-06-30T02:45:25.656Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-02-20 17:25:57","lastModifiedDate":"2026-06-30 03:18:21","problem_types":["CWE-23","CWE-22","CWE-23 CWE-23 Relative Path Traversal","CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV31":[{"source":"36c7be3b-2937-45df-85ea-ca7133ea542c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N","baseScore":8.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":4.7},{"source":"0b0ca135-0b70-47e7-9f44-1890c2a1c46c","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-20T20:12:17.872342Z","id":"CVE-2026-2818","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"2818","Ordinal":"1","Title":"Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-","CVE":"CVE-2026-2818","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"2818","Ordinal":"1","NoteData":"A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.","Type":"Description","Title":"Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-"}]}}}