Role-Based Access Control Bypass in Check Point Multi-Domain Management
CVE-2026-48136

4.1 MEDIUM

Key Information:

Vendor: Check Point

CVE Published: 26 May 2026

What is CVE-2026-48136?

An authentication oversight in Check Point Multi-Domain Management allows an administrator with read-write access in one Management Domain to modify compliance-related metadata in another Management Domain, bypassing the intended Role-Based Access Control restrictions. The result is potential unauthorized access to, and manipulation of, critical compliance practices, which puts data integrity and security at risk. Remediation is needed so that administrative privileges are enforced and maintained correctly across all Management Domains.

Affected Version(s)

Quantum Security Management R82.10 with Jumbo Hotfix Take 6 or below

Quantum Security Management R82 with Jumbo Hotfix Take 91 or below

Quantum Security Management R81.20 with Jumbo Hotfix Take 127 or below

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
