Description
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
Published: 2026-05-26
Score: 8.1 High
EPSS: 2.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the VPN service of the Quantum Security Gateway, where a flaw in validating a length field of certain IKE packets over NAT-T using port 4500/UDP allows a malicious sender to craft a packet that forces the processing service to terminate. This results in a temporary interruption of VPN negotiations and traffic, effectively denying service to legitimate users. The weakness is classified as CWE-125 (out-of-bounds read), consistent with a length value being trusted without a bounds check.

Affected Systems

The affected product is the Check Point Quantum Security Gateway. No specific firmware or version range was listed in the available CNA data, so any installation of this gateway product should be treated as potentially vulnerable until a patch is applied.

Risk and Exploitability

The CVSS score of 8.1 places this vulnerability in the High severity range. The EPSS score of 2% indicates a low but non-zero exploitation probability, meaning attackers could feasibly target the VPN by sending malicious IKE packets. The vulnerability is not listed in the CISA KEV catalog, indicating no known widespread exploitation, but the potential impact on critical VPN services warrants prompt attention.

Generated by OpenCVE AI on June 17, 2026 at 10:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor-published patch or upgrade to the latest firmware for the Quantum Security Gateway that corrects the IKE packet length validation bug
  • Limit inbound UDP 4500 traffic to trusted IP addresses by configuring firewall rules or implementing access control lists
  • Disable or bypass NAT-Traversal on the VPN gateway if it is not required, or route IKE traffic through a secured, non-NAT channel

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 14:30:00 +0000
  Type: Metrics (ssvc)
  Values removed: none
  Values added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 26 May 2026 15:30:00 +0000
  Type: First Time appeared
  Values removed: none
  Values added: Checkpoint; Checkpoint quantum Security Gateway
  Type: Vendors & Products
  Values removed: none
  Values added: Checkpoint; Checkpoint quantum Security Gateway

Tue, 26 May 2026 14:30:00 +0000
  Type: Metrics (cvssV3_1)
  Values removed: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H'}
  Values added: {'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Tue, 26 May 2026 13:45:00 +0000
  Type: Description
  Values added: The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
  Type: Title
  Values added: VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
  Type: Weaknesses
  Values added: CWE-125
  Type: References
  Values added: (none listed)
  Type: Metrics (cvssV3_1)
  Values added: {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H'}

Subscriptions

Checkpoint Quantum Security Gateway
MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-02T14:09:19.968Z

Reserved: 2026-05-20T19:29:00.635Z

Link: CVE-2026-48132

Vulnrichment

Updated: 2026-06-02T14:09:12.923Z

NVD

Status: Awaiting Analysis

Published: 2026-05-26T14:16:38.587

Modified: 2026-05-26T19:09:11.220

Link: CVE-2026-48132

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-17T10:30:06Z

Weaknesses