Authenticated Administrator Role-Based Access Control Bypass in Compliance_CVE-2026-48136

4.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L

Description

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).

Basic Information

ID CVE-2026-48136

Source checkpoint

Published May 26, 2026 at 12:57

Affected Product

Vendor checkpoint

Product Quantum Security Management

Version R82.10 with Jumbo Hotfix Take 19 or below

Affected Versions checkpoint Quantum Security Management R82.10 with Jumbo Hotfix Take 19 or below
checkpoint Quantum Security Management R82 with Jumbo Hotfix Take 91 or below
checkpoint Quantum Security Management R81.20 with Jumbo Hotfix Take 127 or below
checkpoint Quantum Security Management All releases from R81.10 and below

CWE Classification

CWE-89

References

support.checkpoint.com /results/sk/sk184992

{
    "lastseen": "",
    "description": "When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).",
    "published": "2026-05-26T12:57:29.298Z",
    "modified": "2026-05-26T12:57:29.298Z",
    "type": "cve",
    "title": "Authenticated Administrator Role-Based Access Control Bypass in Compliance",
    "source": "checkpoint",
    "references": "https://support.checkpoint.com/results/sk/sk184992",
    "id": "CVE-2026-48136",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "checkpoint Quantum Security Management R82.10 with Jumbo Hotfix Take 19 or below\ncheckpoint Quantum Security Management R82 with Jumbo Hotfix Take 91 or below\ncheckpoint Quantum Security Management R81.20 with Jumbo Hotfix Take 127 or below\ncheckpoint Quantum Security Management All releases from R81.10 and below",
    "sourceHref": "",
    "cvss": {
        "score": 4.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Quantum Security Management",
    "version": "R82.10 with Jumbo Hotfix Take 19 or below",
    "vendor": "checkpoint",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}