Description

Spring Data Geode's snapshot import uses an insecure directory: it extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user's extracted snapshot contents, leading to unintended exposure of cache data.

PUBLISHED Reserved 2026-02-19 | Published 2026-02-19 | Updated 2026-02-20 | Assigner HeroDevs




MEDIUM: 4.4 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)

MEDIUM: 4.8 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N)

Problem types

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory

CWE-378: Creation of Temporary File With Insecure Permissions

CWE-379: Creation of Temporary File in Directory with Insecure Permissions

Product status

Default status: unaffected

2.0.0.RELEASE (maven): affected

Default status: unaffected

1.7.0.RELEASE (maven): affected

References

www.herodevs.com/vulnerability-directory/cve-2026-2817

cve.org (CVE-2026-2817)

nvd.nist.gov (CVE-2026-2817)