Skip to main content

Quantum Security Management

1 CVEs product

Monthly

CVE-2026-48136 MEDIUM This Month

Cross-domain RBAC bypass in Check Point Quantum Security Management allows an authenticated administrator with read-write access to one Management Domain (CMA) to modify Compliance Best Practices metadata stored in a separate Management Domain where they hold no permissions. The underlying root cause is SQL injection (CWE-89, corroborated by the 'SQLi' intelligence tag), suggesting the Compliance feature's metadata storage does not enforce domain-level query isolation. Affected releases span R81.10 and below, R81.20 up to Jumbo Hotfix Take 127, R82 up to Jumbo Hotfix Take 91, and R82.10 up to Jumbo Hotfix Take 19. No public exploit identified at time of analysis, and EPSS of 0.04% reflects low observed exploitation probability.

Checkpoint SQLi Quantum Security Management
NVD
CVSS 3.1
4.1
EPSS
0.0%
EPSS 0% CVSS 4.1
MEDIUM This Month

Cross-domain RBAC bypass in Check Point Quantum Security Management allows an authenticated administrator with read-write access to one Management Domain (CMA) to modify Compliance Best Practices metadata stored in a separate Management Domain where they hold no permissions. The underlying root cause is SQL injection (CWE-89, corroborated by the 'SQLi' intelligence tag), suggesting the Compliance feature's metadata storage does not enforce domain-level query isolation. Affected releases span R81.10 and below, R81.20 up to Jumbo Hotfix Take 127, R82 up to Jumbo Hotfix Take 91, and R82.10 up to Jumbo Hotfix Take 19. No public exploit identified at time of analysis, and EPSS of 0.04% reflects low observed exploitation probability.

Checkpoint SQLi Quantum Security Management
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy