CVE-2026-2817
Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
19/02/2026
Last modified:
20/02/2026
Description
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.
Impact
Base Score 4.0
4.80
Severity 4.0
MEDIUM
Base Score 3.x
4.40
Severity 3.x
MEDIUM



