CVE-2026-48132
Awaiting Analysis - Queue
Security Gateway VPN Processing Denial of Service via IKE Packet

Publication date: 2026-05-26

Last updated on: 2026-05-26

Assigner: Check Point Software Technologies Ltd.

Description
The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service (temporary interruption of VPN negotiations/traffic).
Meta Information
Published: 2026-05-26
Last Modified: 2026-05-26
Generated: 2026-06-15
AI Q&A: 2026-05-26
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
check_point_software_technologies | security_gateway | *
CWE ID | Description
CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer.
Impact Analysis

The primary impact of this vulnerability is a denial of service condition.

An attacker can send specially crafted IKE packets that cause the VPN processing service to crash or restart unexpectedly.

This results in temporary interruption of VPN traffic and negotiations, potentially disrupting secure communications.

Executive Summary

This vulnerability occurs because the Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T (Network Address Translation Traversal) is used on UDP port 4500.

A specially crafted or malformed packet exploiting this flaw can cause the VPN processing service to terminate unexpectedly.

This leads to a denial of service, causing temporary interruption of VPN negotiations and traffic.

Detection Guidance

This vulnerability involves the Security Gateway incorrectly validating length values in certain IKE packets when NAT-T (UDP port 4500) is used, causing the VPN processing service to terminate unexpectedly.

To detect this vulnerability on your network or system, monitor for unexpected restarts or interruptions of the VPN processing service related to IKE traffic over UDP port 4500.

Specific commands or detection methods are not provided in the available resources.

Mitigation Strategies

The available information does not specify immediate mitigation steps or recommended actions to address this vulnerability.

Compliance Impact

The provided information does not specify how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
