7.5

CVE-2026-48133

Medienbericht

Identity Awareness Captive Portal - Unauthenticated Local File Inclusion

When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
Herstellercheckpoint
Produkt Quantum Security Gateway
Version R82.10 with Jumbo Hotfix Take 6 or below
Status affected
Version R82 with Jumbo Hotfix Take 91 or below
Status affected
Version R81.20 with Jumbo Hotfix Take 127 or below
Status affected
Version All releases from R81.10 and below
Status affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.75% 0.907
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cve@checkpoint.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
05.06.2026 12:47
https://support.checkpoint.com/results/sk/sk184993