CVE-2026-48131 PUBLISHED

VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Assigner: checkpoint
Reserved: 20.05.2026 Published: 26.05.2026 Updated: 26.05.2026

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 8.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	checkpoint
Product	Quantum Security Gateway
Versions	Version R82.10 with Jumbo Hotfix Take 6 or below is affected Version R82 with Jumbo Hotfix Take 91 or below is affected Version R81.20 with Jumbo Hotfix Take 127 or below is affected Version All releases from R81.10 and below is affected

References

https://support.checkpoint.com/results/sk/sk184981

Problem Types

CWE-122: Heap-based Buffer Overflow CWE