CVE-2026-48134

SQL injection issue in UserCheck Portal when DLP Software Blade is active

Assigner: checkpoint
Reserved: 20.05.2026 Published: 26.05.2026 Updated: 26.05.2026

When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly. Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.

Metrics

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score: 5.6

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	checkpoint
Product	Quantum Security Gateway
Versions	Version R82.10 with Jumbo Hotfix Take 6 or below is affected Version R82 with Jumbo Hotfix Take 91 or below is affected Version R81.20 with Jumbo Hotfix Take 127 or below is affected Version All releases from R81.10 and below is affected

Vendor

checkpoint

Product

Quantum Security Gateway

Versions

Version R82.10 with Jumbo Hotfix Take 6 or below is affected
Version R82 with Jumbo Hotfix Take 91 or below is affected
Version R81.20 with Jumbo Hotfix Take 127 or below is affected
Version All releases from R81.10 and below is affected

References

Problem Types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE

CVE-2026-48134 PUBLISHED

SQL injection issue in UserCheck Portal when DLP Software Blade is active

Metrics

Product Status

References

Problem Types