Description
When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
Published: 2026-05-26
Score: 4.1 Medium
EPSS: 3.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated administrator with read-write privileges in one Management Domain (CMA) can edit Compliance Best Practice metadata that belongs to a different Domain in which the administrator holds no access permissions, bypassing RBAC. The attacker can therefore alter records that the Compliance feature relies on in a Domain they were never granted. The vendor description does not say how the altered metadata is consumed; because it describes Compliance Best Practices, tampering with it could plausibly distort the compliance status or reports derived from it in the affected Domain, but that consequence is inferred rather than stated.

Affected Systems

Check Point Quantum Security Management is affected when Compliance is enabled in a Multi-Domain Management environment. Any such deployment in which an administrator holds read-write access to at least one Management Domain (CMA) is exposed, since that is the only precondition the description names; no specific affected software versions are listed on this record.

Risk and Exploitability

The CVSS 3.1 base score of 4.1 (Medium) follows from a vector that requires high privileges (PR:H) and high attack complexity (AC:H) and yields only low impact to confidentiality, integrity and availability (C:L/I:L/A:L). The EPSS score is low (3.8%), and the vulnerability is not listed in the CISA KEV catalog, so there is no evidence of widespread exploitation. The attack requires legitimate administrator credentials with read-write access in at least one Domain; such accounts are typically privileged and few, but a malicious Domain administrator or an attacker who compromises one can change compliance metadata in Domains they were never granted. The overall likelihood depends on how strictly Domains are segregated and how many administrators hold read-write roles.

Generated by OpenCVE AI on May 26, 2026 at 17:20 UTC.

Remediation

No vendor fix or workaround is currently listed on this record.

OpenCVE Recommended Actions

  • Monitor Check Point product updates and apply any released fix that addresses this RBAC bypass promptly.
  • Restrict administrators' read-write privileges to the Domains they are authorized to manage, and avoid granting read-write roles more broadly than a Domain's administration requires.
  • On the vendor side, enforce Domain boundary checks in the compliance metadata update path: resolve the owning Domain of the target record and reject updates from administrators who hold no read-write access to that Domain, rather than checking only that the caller is read-write somewhere.
  • Enable detailed audit logging for all compliance metadata changes and alert on any change to a Domain made by an administrator who holds no role in that Domain.
  • Because this record is classified as CWE-89, review the SQL statements that handle compliance metadata to ensure they use parameterized queries and validate their inputs.
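The Domain boundary check and the SQL hygiene the last three recommendations describe, as an added illustration that is not Check Point's code and is not taken from this record. It models a hypothetical update path for Best Practice metadata on the vendor description: the administrator alice holds read-write access to Domain CMA-A and no role at all on CMA-B. The schema, the table and column names, the Domain names, the account and the audit-log stand-in are all constructed for the example. The vulnerable function checks only that the caller is read-write somewhere and builds the UPDATE by string concatenation (the CWE-89 classification on this record); the hardened one resolves the record's owning Domain, requires a read-write grant on that Domain, binds every value as a parameter, repeats the Domain predicate inside the UPDATE, and records an audit event on both the denied and the permitted path.

```python
import sqlite3

# Constructed schema for this example: one row per Management Domain, one per
# administrator role grant, and one Compliance Best Practice metadata record
# per Domain. Names are assumptions, not Check Point's schema.
SCHEMA = """
CREATE TABLE domains (id TEXT PRIMARY KEY);
CREATE TABLE grants (admin TEXT, domain_id TEXT, access TEXT);
CREATE TABLE bp_metadata (id INTEGER PRIMARY KEY, domain_id TEXT, name TEXT, note TEXT);
"""

AUDIT = []  # constructed stand-in for the management server's audit log


def build_db():
    """Return an in-memory database seeded with constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO domains VALUES (?)", [("CMA-A",), ("CMA-B",)])
    # alice is read-write on CMA-A and holds no role at all on CMA-B.
    con.execute("INSERT INTO grants VALUES (?, ?, ?)", ("alice", "CMA-A", "rw"))
    con.executemany(
        "INSERT INTO bp_metadata VALUES (?, ?, ?, ?)",
        [(1, "CMA-A", "BP-1001", "reviewed"), (2, "CMA-B", "BP-1001", "reviewed")],
    )
    con.commit()
    return con


def audit(event, admin, bp_id, domain_id):
    AUDIT.append({"event": event, "admin": admin, "record": bp_id, "domain": domain_id})


def vulnerable_update(con, admin, bp_id, note):
    """The pattern the CVE description implies: the caller only has to hold a
    read-write role *somewhere*; the record's owning Domain never enters the
    decision, and the note is concatenated into the statement (CWE-89)."""
    if con.execute("SELECT 1 FROM grants WHERE admin = ? AND access = 'rw'",
                   (admin,)).fetchone() is None:
        raise PermissionError(f"{admin} holds no read-write role")
    cur = con.execute(
        f"UPDATE bp_metadata SET note = '{note}' WHERE id = {int(bp_id)}")
    con.commit()
    return cur.rowcount


def hardened_update(con, admin, bp_id, note):
    """Resolve the record's owning Domain first, require a read-write grant on
    that Domain, bind every value as a parameter, and repeat the Domain
    predicate in the UPDATE itself so the write can never widen beyond it."""
    row = con.execute("SELECT domain_id FROM bp_metadata WHERE id = ?", (bp_id,)).fetchone()
    if row is None:
        raise LookupError(f"no Best Practice metadata record {bp_id}")
    (domain_id,) = row
    grant = con.execute(
        "SELECT 1 FROM grants WHERE admin = ? AND domain_id = ? AND access = 'rw'",
        (admin, domain_id),
    ).fetchone()
    if grant is None:
        audit("denied-cross-domain-write", admin, bp_id, domain_id)
        raise PermissionError(f"{admin} has no read-write access to {domain_id}")
    cur = con.execute(
        "UPDATE bp_metadata SET note = ? WHERE id = ? AND domain_id = ?",
        (note, bp_id, domain_id),
    )
    con.commit()
    audit("bp-metadata-updated", admin, bp_id, domain_id)
    return cur.rowcount


def record(con, bp_id):
    """(domain_id, note) of one record, for inspection."""
    return con.execute(
        "SELECT domain_id, note FROM bp_metadata WHERE id = ?", (bp_id,)).fetchone()


def demo():
    """Run both paths against the constructed data and return what happened."""
    AUDIT.clear()
    results = {}
    # Constructed note value that closes the quoted literal and rewrites the
    # rest of the statement when concatenated rather than bound.
    payload = "x', domain_id = 'CMA-B' WHERE id = 1 --"

    con = build_db()
    # alice (read-write on CMA-A only) edits CMA-B's record: accepted.
    results["vuln_cross_domain_rows"] = vulnerable_update(con, "alice", 2, "tampered")
    results["vuln_record_2"] = record(con, 2)
    # The same path lets the note re-home record 1 to another Domain.
    vulnerable_update(con, "alice", 1, payload)
    results["vuln_record_1"] = record(con, 1)

    con = build_db()
    try:
        hardened_update(con, "alice", 2, "tampered")
        results["hardened_cross_domain"] = "allowed"
    except PermissionError:
        results["hardened_cross_domain"] = "denied"
    # In her own Domain the payload is stored verbatim as data, nothing more.
    results["hardened_own_domain_rows"] = hardened_update(con, "alice", 1, payload)
    results["hardened_record_1"] = record(con, 1)
    results["audit_events"] = [e["event"] for e in AUDIT]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of repeating `domain_id = ?` in the UPDATE is that the authorization decision and the write are then bound to the same Domain value even if the record's ownership changes between the two statements; the denied-path audit event is what the alerting recommendation above would key on.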

Generated by OpenCVE AI on May 26, 2026 at 17:20 UTC.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 16:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 May 2026 15:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Checkpoint; Checkpoint quantum Security Management

Type: Vendors & Products
Values Removed: (none)
Values Added: Checkpoint; Checkpoint quantum Security Management

Tue, 26 May 2026 13:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).

Type: Title
Values Removed: (none)
Values Added: Authenticated Administrator Role-Based Access Control Bypass in Compliance

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-89

Type: References
Values Removed: (none)
Values Added: (none)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 4.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-02T14:17:00.827Z

Reserved: 2026-05-20T19:29:00.635Z

Link: CVE-2026-48136

Vulnrichment

Updated: 2026-06-02T14:16:56.328Z

NVD

Status : Awaiting Analysis

Published: 2026-05-26T14:16:39.130

Modified: 2026-05-26T19:09:11.220

Link: CVE-2026-48136

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T17:30:10Z

Weaknesses
  • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')