CVE-2026-2818: Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific)

Published Feb 20, 2026
·
Updated

A zip-slip path traversal vulnerability in Spring Data Geode's import snapshot functionality allows attackers to write files outside the intended extraction directory. This vulnerability appears to be susceptible on Windows OS only.

Affected Software

1 affected component
Pivotal Spring Data Geode

Event History

Feb 20, 2026
CVE Published
via MITRE·04:03 PM
Data Sourced
via MITRE·04:03 PM
DescriptionSeverityWeakness
Data Sourced
via NVD·05:25 PM
DescriptionSeverityWeakness
Jan 24, 58126
Event
via FIRST·03:09 AM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-2818?

The severity of CVE-2026-2818 is considered high due to its potential for exploitation leading to unauthorized file access.

2

How do I fix CVE-2026-2818?

To fix CVE-2026-2818, update to the latest version of Pivotal Spring Data Geode that addresses the vulnerability.

3

What platforms are affected by CVE-2026-2818?

CVE-2026-2818 specifically affects the Windows operating system when using Spring Data Geode's import snapshot functionality.

4

What is the impact of CVE-2026-2818?

The impact of CVE-2026-2818 allows attackers to write files outside the intended extraction directory, leading to potential data compromise.

5

Is there a workaround for CVE-2026-2818?

A temporary workaround for CVE-2026-2818 is to avoid using the import snapshot functionality until a patch is applied.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2026-2818 - Zip Slip Path Traversal in Snapshot Archive Extraction (Windows-Specific) - SecAlerts