PatchSiren cyber security CVE debrief
CVE-2026-2818 VMware CVE debrief
CVE-2026-2818 is a high-severity zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality. This vulnerability allows attackers to write files outside the intended extraction directory and appears to be susceptible on Windows OS only. The vulnerability has a CVSS score of 8.2 and is classified as HIGH. The CVE was published on 2026-02-20T17:25:57.980Z and last modified on 2026-06-30T03:18:21.900Z. The vendor and product information is not available, but there are several references to Red Hat and Herodevs.
- Vendor
- VMware
- Product
- Spring Data Geode
- CVSS
- HIGH 8.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-02-20
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-02-20
- Advisory updated
- 2026-06-30
Who should care
Security teams and administrators responsible for Spring Data Geode deployments, especially on Windows OS, should be aware of this vulnerability. They should assess their exposure and apply necessary patches or mitigations to prevent potential attacks. Additionally, defenders should review their inventory of affected systems and prioritize remediation efforts based on the CVSS score and potential impact.
Technical summary
CVE-2026-2818 is a zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality. The vulnerability allows attackers to write files outside the intended extraction directory, potentially leading to code execution or data tampering. The vulnerability appears to be susceptible on Windows OS only. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N, indicating a high severity. The weakness is classified as CWE-22 and CWE-23.
Defensive priority
High priority should be given to patching or mitigating this vulnerability, especially in Windows OS environments. Defenders should review their system inventory and apply necessary patches or compensating controls to prevent potential attacks.
Recommended defensive actions
- Assess exposure and apply necessary patches or mitigations
- Review system inventory and prioritize remediation efforts
- Implement compensating controls to prevent potential attacks
- Monitor system logs for suspicious activity
- Verify vendor remediation workflow and apply fixes
Evidence notes
The CVE-2026-2818 vulnerability has a high CVSS score of 8.2 and is classified as HIGH. The vulnerability appears to be susceptible on Windows OS only. The vendor and product information is not available. There are several references to Red Hat and Herodevs, including a detailed description of the vulnerability and its impact.
Official resources
-
CVE-2026-2818 CVE record
CVE.org
-
CVE-2026-2818 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
36c7be3b-2937-45df-85ea-ca7133ea542c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.