CVE-2026-2817
Received Received - Intake
Insecure Directory Use in Spring Data Geode Enables Data Exposure

Publication date: 2026-02-19

Last updated on: 2026-02-19

Assigner: HeroDevs

Description
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-19
Last Modified
2026-02-19
Generated
2026-05-27
AI Q&A
2026-02-19
EPSS Evaluated
2026-05-25
NVD
CVE-2026-2817
EUVD
EUVD-2026-7800
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
spring framework *
spring data_geode From 2.0.0 (inc) to 2.7.18 (exc)
spring data_geode From 1.7.0 (inc) to 2.2.13 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-378 Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.
CWE-379 The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.
CWE-538 The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability involves the use of an insecure directory in the Spring Data Geode snapshot import process. Specifically, when archives are extracted, they are placed into predictable and permissive directories under the system's temporary location.

Because these directories are predictable and permissive, on shared hosts, a local user with only basic privileges can access the extracted snapshot contents of another user. This leads to unintended exposure of cache data.


How can this vulnerability impact me? :

The vulnerability can lead to unauthorized access to sensitive cache data by local users on shared systems. Even users with limited privileges can potentially view or access data extracted by other users, which could result in data leakage or exposure of confidential information.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart