Input Handling Vulnerability in Check Point UserCheck Web Portal
CVE-2026-48134

5.6MEDIUM

Key Information:

Vendor: Checkpoint
Status: Quantum Security Gateway
Vendor: CVE Published:; 26 May 2026

What is CVE-2026-48134?

An input-handling issue has been identified in the UserCheck Web Portal of Check Point when the Data Loss Prevention (DLP) feature is active. Specifically, this vulnerability arises during the UserChoice flow. Attackers with access to the UserCheck Ask page may exploit this vulnerability to manipulate the Security Gateway's stored DLP/UserCheck incident data. This manipulation could lead to significant disruptions, including the loss of stored incident entries and the mismanagement of pending approvals. Furthermore, repeated abuse of this issue can impact resources. To mitigate exposure, ensure that the UserCheck Portal is not accessible from untrusted networks.

Affected Version(s)

Quantum Security Gateway R82.10 with Jumbo Hotfix Take 6 or below

Quantum Security Gateway R82 with Jumbo Hotfix Take 91 or below

Quantum Security Gateway R81.20 with Jumbo Hotfix Take 127 or below

References

https://support.checkpoint.com/results/sk/sk184983

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2026
Vulnerability Reserved
May 20, 2026

CVE-2026-48134 Data

JSON

Checkpoint

What is CVE-2026-48134?

Affected Version(s)

References

CVSS V3.1

Timeline