VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Description

The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection attempt. This can cause the service to terminate unexpectedly, resulting in denial of service (temporary disruption of VPN-related functionality).

Affected Products

Vendor	Product	Versions
checkpoint	quantum security gateway	R82.10 with Jumbo Hotfix Take 6 or below, R82 with Jumbo Hotfix Take 91 or below, R81.20 with Jumbo Hotfix Take 127 or below, All releases from R81.10 and below

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
check point	security	cert_advisory	90%

References

https://support.checkpoint.com/results/sk/sk184981

Related News (4 articles)

Tier D

Heise Security7d ago

IT-Sicherheitslösung Check Point Security Gateway ist verwundbar

→ No new info (linked only)

Tier B

BSI Advisories10d ago

[NEU] [hoch] Check Point Security Gateway: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

CERT-FR12d ago

Multiples vulnérabilités dans les produits Check Point (27 mai 2026)

→ No new info (linked only)

Tier C

VulDB13d ago

CVE-2026-48131 | Check Point Quantum Security Gateway VPN Service heap-based overflow

CVSS 3.18.1 HIGH

VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-122

PublishedMay 26, 2026

Last enriched13d agov2

Trending Score21

Source articles4

Independent4

Info Completeness8/14

Missing: epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

VPND IKE Fragment Reassembly - Heap Out-of-Bounds Write via Sequence Number Zero

Description

Affected Products

Also Affects

References

Related News (4 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History