CVE-2026-48136 PUBLISHED

Authenticated Administrator Role-Based Access Control Bypass in Compliance

Assigner: checkpoint
Reserved: 20.05.2026 Published: 26.05.2026 Updated: 26.05.2026

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
CVSS Score: 4.1

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	Low
Privileges Required	High	Integrity Impact	Low
User Interaction	None	Availability Impact	Low

CVSS 3.1

Product Status

Vendor	checkpoint
Product	Quantum Security Management
Versions	Version R82.10 with Jumbo Hotfix Take 6 or below is affected Version R82 with Jumbo Hotfix Take 91 or below is affected Version R81.20 with Jumbo Hotfix Take 127 or below is affected Version All releases from R81.10 and below is affected

References

https://support.checkpoint.com/results/sk/sk184992

Problem Types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE