Directory Permissions Vulnerability in Spring Data Geode by VMware
CVE-2026-2817

4.8MEDIUM

Key Information:

Vendor: Vmware
Status: Spring Data Geode; Spring Data Gemfire
Vendor: CVE Published:; 19 February 2026

What is CVE-2026-2817?

An insecure directory issue in VMware's Spring Data Geode allows snapshot imports to extract archives into predictable and permissive directories within the system temp location. This vulnerability can be exploited on shared hosting environments, where a local user with basic privileges gains access to another user's extracted snapshot contents, thereby exposing sensitive cache data. It is crucial to apply appropriate security measures to prevent unauthorized access to these directories.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Spring Data Gemfire 1.7.0.RELEASE <= 2.2.13.RELEASE

Spring Data Geode 2.0.0.RELEASE <= 2.7.18

References

https://www.herodevs.com/vulnerability-directory/cve-2026...

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Feb 19, 2026
Vulnerability Reserved
Feb 19, 2026

JSON

Vmware

What is CVE-2026-2817?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V4

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.