CVE-2026-48136

medium

Description

When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Compliance Best Practices in another Management Domain, where the administrator has no access permissions, bypassing Role-Based Access Control (RBAC).

References

https://support.checkpoint.com/results/sk/sk184992

Details

Source: Mitre, NVD

Published: 2026-05-26

Updated: 2026-05-26

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:H/Au:M/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 4.1

Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L