Description
The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
Published: 2026-05-26
Score: 8.1 High
EPSS: 3.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability occurs when an unexpected IKE fragment value is received on the VPN service’s IKE port (UDP 500) during the early stages of a connection attempt. The fixed‑size buffer used for fragment reassembly can be written beyond its bounds when the fragment sequence number is zero, leading to a heap out‑of‑bounds write. The immediate consequence is that the VPN process terminates, causing a temporary denial of service to VPN clients and administrators.

Affected Systems

Checkpoint Quantum Security Gateway is the only vendor/product listed as affected. No specific firmware or software version ranges are provided in the public data, so any deployment of this gateway should be reviewed for the presence of this flaw until a patch is available.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity, with the attack vector inferred to be remote because the vulnerability is triggered by data received over the open UDP 500 port. The EPSS score is 3%, and the flaw is not listed in CISA KEV, suggesting that while exploitation is theoretically possible, no widespread public exploitation is currently confirmed. Nonetheless, the impact on availability is significant for organizations that rely on VPN endpoints for remote access.

Generated by OpenCVE AI on June 16, 2026 at 12:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Download and install the latest firmware update from Checkpoint that fixes the IKE fragment reassembly bug.
  • Reboot the Quantum Security Gateway to clear the crashed state after applying the update.
  • Until the update can be applied, isolate the VPN service by blocking inbound traffic on UDP 500 or disabling the VPN feature to prevent malicious fragment delivery.

Generated by OpenCVE AI on June 16, 2026 at 12:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 26 May 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Checkpoint
Checkpoint quantum Security Gateway
Vendors & Products Checkpoint
Checkpoint quantum Security Gateway

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).
Title VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero
Weaknesses CWE-122
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Checkpoint Quantum Security Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-05-26T15:18:43.287Z

Reserved: 2026-05-20T19:29:00.635Z

Link: CVE-2026-48131

cve-icon Vulnrichment

Updated: 2026-05-26T15:18:38.016Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T14:16:38.407

Modified: 2026-05-26T19:09:11.220

Link: CVE-2026-48131

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T12:45:16Z

Weaknesses
  • CWE-122

    Heap-based Buffer Overflow