{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2817", "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "state": "PUBLISHED", "assignerShortName": "HeroDevs", "dateReserved": "2026-02-19T17:07:39.475Z", "datePublished": "2026-02-19T17:18:09.839Z", "dateUpdated": "2026-02-20T20:31:49.664Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "packageName": "org.springframework.data:spring-data-geode", "product": "Spring Data Geode", "repo": "https://github.com/spring-attic/spring-data-geode", "vendor": "VMware", "versions": [{"lessThanOrEqual": "2.7.18", "status": "affected", "version": "2.0.0.RELEASE", "versionType": "maven"}]}, {"defaultStatus": "unaffected", "packageName": "org.springframework.data:spring-data-gemfire", "product": "Spring Data Gemfire", "repo": "https://github.com/spring-attic/spring-data-gemfire", "vendor": "VMware", "versions": [{"lessThanOrEqual": "2.2.13.RELEASE", "status": "affected", "version": "1.7.0.RELEASE", "versionType": "maven"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot contents, leading to unintended exposure of cache data."}], "value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u00a0contents, leading to unintended exposure of cache data."}], "impacts": [{"capecId": "CAPEC-149", "descriptions": [{"lang": "en", "value": "CAPEC-149 Explore for Predictable Temporary File Names"}]}, {"capecId": "CAPEC-155", "descriptions": [{"lang": "en", "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 4.8, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-538", "description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-378", "description": "CWE-378: Creation of Temporary File With Insecure Permissions", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-379", "description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "shortName": "HeroDevs", "dateUpdated": "2026-02-19T17:18:09.839Z"}, "references": [{"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817"}], "source": {"discovery": "EXTERNAL"}, "tags": ["unsupported-when-assigned", "x_open-source"], "title": "Spring Data Geode Insecure Temporary Directory Usage", "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T20:31:34.178282Z", "id": "CVE-2026-2817", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:31:49.664Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2817", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T20:31:34.178282Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:31:42.633Z"}}], "cna": {"tags": ["unsupported-when-assigned", "x_open-source"], "title": "Spring Data Geode Insecure Temporary Directory Usage", "source": {"discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-149", "descriptions": [{"lang": "en", "value": "CAPEC-149 Explore for Predictable Temporary File Names"}]}, {"capecId": "CAPEC-155", "descriptions": [{"lang": "en", "value": "CAPEC-155 Screen Temporary Files for Sensitive Information"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 4.8, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/spring-attic/spring-data-geode", "vendor": "VMware", "product": "Spring Data Geode", "versions": [{"status": "affected", "version": "2.0.0.RELEASE", "versionType": "maven", "lessThanOrEqual": "2.7.18"}], "packageName": "org.springframework.data:spring-data-geode", "defaultStatus": "unaffected"}, {"repo": "https://github.com/spring-attic/spring-data-gemfire", "vendor": "VMware", "product": "Spring Data Gemfire", "versions": [{"status": "affected", "version": "1.7.0.RELEASE", "versionType": "maven", "lessThanOrEqual": "2.2.13.RELEASE"}], "packageName": "org.springframework.data:spring-data-gemfire", "defaultStatus": "unaffected"}], "references": [{"url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u00a0contents, leading to unintended exposure of cache data.", "supportingMedia": [{"type": "text/html", "value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot contents, leading to unintended exposure of cache data.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-538", "description": "CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-378", "description": "CWE-378: Creation of Temporary File With Insecure Permissions"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-379", "description": "CWE-379: Creation of Temporary File in Directory with Insecure Permissions"}]}], "providerMetadata": {"orgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "shortName": "HeroDevs", "dateUpdated": "2026-02-19T17:18:09.839Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2817", "state": "PUBLISHED", "dateUpdated": "2026-02-20T20:31:49.664Z", "dateReserved": "2026-02-19T17:07:39.475Z", "assignerOrgId": "36c7be3b-2937-45df-85ea-ca7133ea542c", "datePublished": "2026-02-19T17:18:09.839Z", "assignerShortName": "HeroDevs"}, "dataVersion": "5.2"}

{"cveTags": [{"sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "Use of insecure directory in Spring Data Geode snapshot import extracts archives into predictable, permissive directories under the system temp location. On shared hosts, a local user with basic privileges can access another user\u2019s extracted snapshot\u00a0contents, leading to unintended exposure of cache data."}, {"lang": "es", "value": "Uso de directorio inseguro en la importaci\u00f3n de instant\u00e1neas de Spring Data Geode extrae archivos en directorios predecibles y permisivos bajo la ubicaci\u00f3n temporal del sistema. En hosts compartidos, un usuario local con privilegios b\u00e1sicos puede acceder al contenido de la instant\u00e1nea extra\u00edda de otro usuario, lo que lleva a una exposici\u00f3n no intencionada de datos de cach\u00e9."}], "id": "CVE-2026-2817", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 2.5, "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "type": "Secondary"}]}, "published": "2026-02-19T18:25:00.983", "references": [{"source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "url": "https://www.herodevs.com/vulnerability-directory/cve-2026-2817"}], "sourceIdentifier": "36c7be3b-2937-45df-85ea-ca7133ea542c", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-378"}, {"lang": "en", "value": "CWE-379"}, {"lang": "en", "value": "CWE-538"}], "source": "36c7be3b-2937-45df-85ea-ca7133ea542c", "type": "Secondary"}]}

{"bugzilla": {"description": "org.springframework.data/spring-data-geode: Spring Data Geode: Information disclosure via insecure temporary directory for snapshot imports", "id": "2441042", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441042"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-379", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-2817", "package_state": [{"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Fix deferred", "package_name": "spring-data-geode", "product_name": "Red Hat Fuse 7"}], "public_date": "2026-02-19T17:18:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2817\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2817\nhttps://www.herodevs.com/vulnerability-directory/cve-2026-2817"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[1.7.0.RELEASE,2.2.13.RELEASE]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Spring Data Gemfire", "source": "cna", "vendor": "VMware"}, "product": "spring_data_gemfire", "vendor": "vmware"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[2.0.0.RELEASE,2.7.18]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "Spring Data Geode", "source": "cna", "vendor": "VMware"}, "product": "spring_data_geode", "vendor": "vmware"}], "analysis": {"en": {"generated_at": "2026-04-17T18:02:15.273115+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest Spring Data Geode or Spring Data Gemfire release that implements a secure temporary directory handling for snapshot imports.", "If an upgrade is not feasible, configure the application to use a dedicated temporary directory with restricted permissions, or set the JVM property java.io.tmpdir to a secure location owned by the application user to prevent cross\u2011user read access.", "Disable or restrict the snapshot import feature for untrusted users, ensuring that only authenticated administrators can invoke it."], "summary": {"action": "Patch Immediately", "impact": "Unintended Cache Data Exposure"}, "threat_synthesis": {"affected_systems": "Affected systems include VMware Spring Data Gemfire and VMware Spring Data Geode implementations. No specific product versions are listed in the CNA data, so all installations that use snapshot import functions before the patch should be reviewed. Administrators should verify whether the application was built with the vulnerable component.", "description_and_impact": "The vulnerability arises from Spring Data Geode using a non\u2011privileged temporary directory when importing snapshot archives, causing extracted files to be placed in a predictable, world\u2011readable system temp location. This flaw can lead to unauthorized disclosure of cache contents to local users with basic privileges, as they can read the extracted data created by another user. The weakness involves insecure temp directory usage, aligning with CWE\u2011378, CWE\u2011379, and CWE\u2011538.", "risk_and_exploitability": "The CVSS base score is 4.8, indicating moderate severity, while the EPSS score is below 1%, suggesting a low likelihood of exploitation at this time. The vulnerability is not currently listed in the CISA KEV catalog. Exploitation requires a local user with basic privileges on a shared host and the ability to trigger a snapshot import, implying a local attack vector. Given the moderate impact on confidentiality and the low probability of attack, organizations should assess the risk and consider remediation promptly."}}}}, "created": "2026-02-20T10:06:16.733334+00:00", "updated": "2026-04-17T18:15:26.765240+00:00", "vendors": ["vmware", "vmware$PRODUCT$spring_data_gemfire", "vmware$PRODUCT$spring_data_geode"]}