CVE-2026-48136 - Vulnerability Details - OpenCVE

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Checkpoint	Quantum Security Management

No data.

No data.

References

Link	Providers
https://support.checkpoint.com/results/sk/sk184992

History

Tue, 02 Jun 2026 16:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 26 May 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Checkpoint Checkpoint quantum Security Management
Vendors & Products		Checkpoint Checkpoint quantum Security Management

Tue, 26 May 2026 13:45:00 +0000

Type	Values Removed	Values Added
Description		When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).
Title		Authenticated Administrator Role-Based Access Control Bypass in Compliance
Weaknesses		CWE-89
References		https://support.checkpoint.com/results/sk/sk184992
Metrics		cvssV3_1 `{'score': 4.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: checkpoint

Published: 2026-05-26T12:57:29.298Z

Updated: 2026-06-02T14:17:00.827Z

Reserved: 2026-05-20T19:29:00.635Z

Link: CVE-2026-48136

Vulnrichment

Updated: 2026-06-02T14:16:56.328Z

NVD

Status : Awaiting Analysis

Published: 2026-05-26T14:16:39.130

Modified: 2026-05-26T19:09:11.220

Link: CVE-2026-48136

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-48136", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "state": "PUBLISHED", "assignerShortName": "checkpoint", "dateReserved": "2026-05-20T19:29:00.635Z", "datePublished": "2026-05-26T12:57:29.298Z", "dateUpdated": "2026-06-02T14:17:00.827Z"}, "containers": {"cna": {"affected": [{"product": "Quantum Security Management", "vendor": "checkpoint", "versions": [{"status": "affected", "version": "R82.10 with Jumbo Hotfix Take 6 or below"}, {"status": "affected", "version": "R82 with Jumbo Hotfix Take 91 or below"}, {"status": "affected", "version": "R81.20 with Jumbo Hotfix Take 127 or below"}, {"status": "affected", "version": "All releases from R81.10 and below"}]}], "title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance", "descriptions": [{"lang": "en", "value": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC)."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2026-05-26T14:16:34.470Z"}, "references": [{"url": "https://support.checkpoint.com/results/sk/sk184992"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 4.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-26T18:41:27.298316Z", "id": "CVE-2026-48136", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:17:00.827Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-48136", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-26T18:41:27.298316Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-02T14:16:56.328Z"}}], "cna": {"title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "checkpoint", "product": "Quantum Security Management", "versions": [{"status": "affected", "version": "R82.10 with Jumbo Hotfix Take 6 or below"}, {"status": "affected", "version": "R82 with Jumbo Hotfix Take 91 or below"}, {"status": "affected", "version": "R81.20 with Jumbo Hotfix Take 127 or below"}, {"status": "affected", "version": "All releases from R81.10 and below"}]}], "references": [{"url": "https://support.checkpoint.com/results/sk/sk184992"}], "descriptions": [{"lang": "en", "value": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2026-05-26T14:16:34.470Z"}}}, "cveMetadata": {"cveId": "CVE-2026-48136", "state": "PUBLISHED", "dateUpdated": "2026-06-02T14:17:00.827Z", "dateReserved": "2026-05-20T19:29:00.635Z", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "datePublished": "2026-05-26T12:57:29.298Z", "assignerShortName": "checkpoint"}, "dataVersion": "5.2"}