Description
Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.
Published: 2026-02-19
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unintended Cache Data Exposure
Action: Patch Immediately
AI Analysis

Impact

The vulnerability arises from Spring Data Geode using a non‑privileged temporary directory when importing snapshot archives, causing extracted files to be placed in a predictable, world‑readable system temp location. This flaw can lead to unauthorized disclosure of cache contents to local users with basic privileges, as they can read the extracted data created by another user. The weakness involves insecure temp directory usage, aligning with CWE‑378, CWE‑379, and CWE‑538.

Affected Systems

Affected systems include VMware Spring Data Gemfire and VMware Spring Data Geode implementations. No specific product versions are listed in the CNA data, so all installations that use snapshot import functions before the patch should be reviewed. Administrators should verify whether the application was built with the vulnerable component.

Risk and Exploitability

The CVSS base score is 4.8, indicating moderate severity, while the EPSS score is below 1%, suggesting a low likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires a local user with basic privileges on a shared host and the ability to trigger a snapshot import, implying a local attack vector. Given the moderate impact on confidentiality and the low probability of attack, organizations should assess the risk and consider remediation promptly.

Generated by OpenCVE AI on April 17, 2026 at 18:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Spring Data Geode or Spring Data Gemfire release that implements a secure temporary directory handling for snapshot imports.
  • If an upgrade is not feasible, configure the application to use a dedicated temporary directory with restricted permissions, or set the JVM property java.io.tmpdir to a secure location owned by the application user to prevent cross‑user read access.
  • Disable or restrict the snapshot import feature for untrusted users, ensuring that only authenticated administrators can invoke it.

Generated by OpenCVE AI on April 17, 2026 at 18:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 20 Feb 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 20 Feb 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

 threat_severity

Moderate

Fri, 20 Feb 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware spring Data Gemfire
Vmware spring Data Geode
Vendors & Products Vmware
Vmware spring Data Gemfire
Vmware spring Data Geode

Thu, 19 Feb 2026 18:00:00 +0000

Type Values Removed Values Added
Description Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user’s extracted snapshot contents, leading to unintended exposure of cache data.
Title Spring Data Geode Insecure Temporary Directory Usage
Weaknesses CWE-378
CWE-379
CWE-538
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Vmware Spring Data Gemfire Spring Data Geode
cve-icon MITRE

Status: PUBLISHED

Assigner: HeroDevs

Published:

Updated: 2026-02-20T20:31:49.664Z

Reserved: 2026-02-19T17:07:39.475Z

Link: CVE-2026-2817

cve-icon Vulnrichment

Updated: 2026-02-20T20:31:42.633Z

cve-icon NVD

Status : Deferred

Published: 2026-02-19T18:25:00.983

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2817

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-02-19T17:18:09Z

Links: CVE-2026-2817 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T18:15:26Z

Weaknesses