CVE-2026-48132

Summary

The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).

Affected Software

VendorProductVersion RangeStatus
checkpointQuantum Security GatewayR82.10 with Jumbo Hotfix Take 6 or belowaffected
checkpointQuantum Security GatewayR82 with Jumbo Hotfix Take 91 or belowaffected
checkpointQuantum Security GatewayR81.20 with Jumbo Hotfix Take 127 or belowaffected
checkpointQuantum Security GatewayAll releases from R81.10 and belowaffected

Weaknesses

  • CWE-125: CWE-125: Out-of-bounds Read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References