VPN Service Vulnerability in Check Point Products
CVE-2026-48131

8.1HIGH

Key Information:

Vendor: Checkpoint
Status: Quantum Security Gateway
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-48131?

The VPN service from Check Point may improperly handle unexpected IKE fragment values on port 500/UDP during initial connection attempts. This mishandling can lead to unexpected service termination, disrupting VPN functionalities temporarily and impacting user connectivity.

Affected Version(s)

Quantum Security Gateway R82.10 with Jumbo Hotfix Take 6 or below

Quantum Security Gateway R82 with Jumbo Hotfix Take 91 or below

Quantum Security Gateway R81.20 with Jumbo Hotfix Take 127 or below

References

https://support.checkpoint.com/results/sk/sk184981

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-48131 Data

JSON

Checkpoint

What is CVE-2026-48131?

Affected Version(s)

References

CVSS V3.1

Timeline