CVE-2026-48131

HIGH

VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Title source: cna

Description

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).

References (1)

Core 1

Core References

https://support.checkpoint.com/results/sk/sk184981

Scores

CVSS v3 8.1

EPSS 0.0302

EPSS Percentile 85.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-122

Status published

Products (4)

checkpoint/Quantum Security Gateway All releases from R81.10 and below

checkpoint/Quantum Security Gateway R81.20 with Jumbo Hotfix Take 127 or below

checkpoint/Quantum Security Gateway R82 with Jumbo Hotfix Take 91 or below

checkpoint/Quantum Security Gateway R82.10 with Jumbo Hotfix Take 6 or below

Published May 26, 2026

Tracked Since May 26, 2026