CVE-2026-48133

Summary

When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.

Affected Software

VendorProductVersion RangeStatus
checkpointQuantum Security GatewayR82.10 with Jumbo Hotfix Take 6 or belowaffected
checkpointQuantum Security GatewayR82 with Jumbo Hotfix Take 91 or belowaffected
checkpointQuantum Security GatewayR81.20 with Jumbo Hotfix Take 127 or belowaffected
checkpointQuantum Security GatewayAll releases from R81.10 and belowaffected

Weaknesses

  • CWE-98: CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References