Checkpoint Security Gateway DLP Input Handling Flaw
CVE-2026-48134 Published on May 26, 2026
SQL injection issue in UserCheck Portal when DLP Software Blade is active
When the DLP is active, the UserCheck Web Portal contains an input-handling issue in the UserChoice flow. Under specific conditions, an attacker who can access the UserCheck Ask page could attempt to manipulate the Security Gateway's stored DLP/UserCheck incident information. This could lead to disruptions such as loss of stored incident entries, incorrect handling of pending approvals, or resource impact if the issue is abused repeatedly.
Exposure is reduced if the UserCheck Portal is not accessible from untrusted networks.
Vulnerability Analysis
CVE-2026-48134 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
What is a SQL Injection Vulnerability?
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
CVE-2026-48134 has been classified to as a SQL Injection vulnerability or weakness.
Products Associated with CVE-2026-48134
Want to know whenever a new CVE is published for Check Point Software Security Gateway? stack.watch will email you.
Affected Versions
checkpoint Quantum Security Gateway:- Version R82.10 with Jumbo Hotfix Take 6 or below is affected.
- Version R82 with Jumbo Hotfix Take 91 or below is affected.
- Version R81.20 with Jumbo Hotfix Take 127 or below is affected.
- Version All releases from R81.10 and below is affected.