Description
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.
Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
Published: 2026-05-26
Score: 5.6 Medium
EPSS: 4.0% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The reported flaw is an SQL injection vulnerability in the UserCheck Web Portal that is triggered when the DLP Software Blade is active. When an attacker can reach the UserCheck Ask page, the input handling in the UserChoice flow allows the injection of malicious SQL statements. This can delete or corrupt stored DLP/UserCheck incident records, cause pending approvals to be handled incorrectly, or degrade system resources if abused repeatedly.

Affected Systems

The affected product is the Checkpoint Quantum Security Gateway, specifically its UserCheck Web Portal component running under the DLP Software Blade. No specific version information is provided, so any deployed instance of this gateway that includes the UserCheck portal while the DLP blade is operational is potentially vulnerable.

Risk and Exploitability

The vulnerability has a CVSS score of 5.6, indicating medium severity. The EPSS score is 4% and the issue is not listed in the CISA KEV catalog, which suggests that no widespread exploitation has been observed yet. However, the attack vector is likely remote via the web portal; an attacker who can access the UserCheck Ask page may exploit the flaw. Exposure is mitigated if the portal is not exposed to untrusted networks, but if those networks can reach the page the risk of data loss or corruption remains significant.

Generated by OpenCVE AI on June 17, 2026 at 10:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Block external access to the UserCheck Ask page by restricting the UserCheck Web Portal to trusted internal networks or firewalls.
  • Apply any vendor-released patch or update for the Quantum Security Gateway that addresses the SQL injection in the UserCheck portal as soon as it becomes available.
  • Monitor database logs and incident records for unexpected deletions or abnormal query patterns, and configure alerts for any sudden changes in incident entry counts or approval flows.

Generated by OpenCVE AI on June 17, 2026 at 10:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 26 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Checkpoint
Checkpoint quantum Security Gateway
Vendors & Products Checkpoint
Checkpoint quantum Security Gateway

Tue, 26 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}

 cvssV3_1

{'score': 5.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L'}

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
Title SQL injection issue in UserCheck Portal when DLP Software Blade is active
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L'}

Subscriptions

Checkpoint Quantum Security Gateway
cve-icon MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-02T14:15:31.285Z

Reserved: 2026-05-20T19:29:00.635Z

Link: CVE-2026-48134

cve-icon Vulnrichment

Updated: 2026-06-02T14:15:27.431Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-26T14:16:38.870

Modified: 2026-05-26T19:09:11.220

Link: CVE-2026-48134

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-17T10:30:06Z

Weaknesses
  • CWE-89

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')