Skip to main content

Quantum Security Gateway CVE-2026-48135

| EUVDEUVD-2026-31822 MEDIUM
Heap-based Buffer Overflow (CWE-122)
2026-05-26 checkpoint GHSA-xf23-668r-fgjv
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Jun 08, 2026 - 12:12 vuln.today

DescriptionCVE.org

A Check Point HTTP-based service can incorrectly handle malformed HTTP requests. The issue is related to HTTP request parsing and validation.

AnalysisAI

Heap-based buffer overflow in Check Point Quantum Security Gateway's HTTP-based service allows unauthenticated remote attackers to cause availability disruption by sending crafted malformed HTTP requests requiring no authentication or user interaction. Affected deployments span all R81.10 releases and below, R81.20 through Jumbo Hotfix Take 127, R82 through Jumbo Hotfix Take 91, and R82.10 through Jumbo Hotfix Take 19. No public exploit identified at time of analysis, though SSVC classifies the attack as automatable with total technical impact - a meaningful tension with the CVSS A:L rating that security teams should scrutinize before deprioritizing.

Technical ContextAI

The vulnerability is rooted in CWE-122 (Heap-based Buffer Overflow), meaning the affected HTTP-based service writes beyond the bounds of a heap-allocated buffer when processing malformed or unexpected HTTP request input. Heap overflows are distinct from stack overflows in that exploitation can corrupt adjacent heap metadata, function pointers, or application data structures - and, depending on heap layout, may enable outcomes beyond simple service crashes. The affected product is confirmed via CPE as cpe:2.3:a:checkpoint:quantum_security_gateway across a broad version range, meaning the flawed HTTP request parsing logic is present in the core gateway software rather than an optional add-on. The root cause is insufficient input validation during HTTP request parsing, allowing attacker-controlled data to overflow a dynamically allocated buffer.

RemediationAI

The primary remediation is to apply the appropriate Jumbo Hotfix for the installed release train per the Check Point vendor advisory at https://support.checkpoint.com/results/sk/sk184991. For R81.20, upgrade to Jumbo Hotfix Take 128 or later. For R82, upgrade to Jumbo Hotfix Take 92 or later. For R82.10, upgrade to Jumbo Hotfix Take 20 or later. Installations on R81.10 or earlier should be considered fully affected with no inline hotfix path confirmed from available data - upgrading to a supported release train with a published fix is the recommended course of action. If immediate patching is not feasible, reducing external exposure of the HTTP-based management or gateway service through network-level controls (firewall rules restricting access to the service port to trusted IP ranges only) would reduce the unauthenticated attack surface, though this introduces operational friction for environments that rely on broad gateway accessibility. No vendor-confirmed workaround short of patching is identified in available data.

CVE-2017-1000083 HIGH POC
7.8 Sep 05

backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to e

CVE-2024-3568 CRITICAL POC
9.6 Apr 10

The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data

CVE-2026-24747 HIGH POC
8.8 Jan 27

PyTorch is a Python package that provides tensor computation. [CVSS 8.8 HIGH]

CVE-2022-41604 HIGH POC
8.8 Sep 27

Check Point ZoneAlarm Extreme Security before 15.8.211.19229 allows local users to escalate privileges. Rated high sever

CVE-2024-24919 HIGH POC
8.6 May 28

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the inte

CVE-2026-58659 HIGH POC
8.4 Jul 15

Remote code execution in PyTorch Lightning through 2.6.5 allows an attacker who can get a victim to load a malicious che

CVE-2019-8461 HIGH POC
7.8 Aug 29

Check Point Endpoint Security Initial Client for Windows before version E81.30 tries to load a DLL placed in any PATH lo

CVE-2019-8452 HIGH POC
7.8 Apr 22

A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security clien

CVE-2013-7350 CRITICAL
10.0 Apr 01

Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x bef

CVE-2026-31214 CRITICAL
9.8 May 12

Arbitrary code execution via torch-checkpoint-shrink.py script in ml-engineering project allows remote attackers to exec

CVE-2019-8459 CRITICAL
9.8 Jun 20

Check Point Endpoint Security Client for Windows, with the VPN blade, before version E80.83, starts a process without us

CVE-2026-31222 HIGH
8.8 May 12

Arbitrary code execution in Snorkel machine learning library (≤v0.10.0) occurs when users load malicious model checkpoin

Share

CVE-2026-48135 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy