CVE-2026-48131 HIGH

CVE-2026-48131: VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Vendor Checkpoint
Product Quantum Security Gateway
Weakness CWE-122
Published May 26, 2026
Last update May 26, 2026

CVSS base score

8.1/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port (500/UDP) during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).

Key dates

02 Disclosure timeline

May 26, 2026 CVE published
May 26, 2026 Record updated