Improper access control in Gaia - CVE-2026-48136

 


Published: May 28, 2026


Vulnerability identifier: #VU132669
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-48136
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Check Point Software Technologies
Affected software: Gaia

Detailed vulnerability description

The vulnerability allows a remote user to modify stored metadata associated with Compliance Best Practices in another management domain.

The vulnerability exists due to improper access control in the Compliance feature when handling cross-domain metadata access. A remote user can modify stored metadata associated with Compliance Best Practices in a management domain where they have no access permissions.

Exploitation is possible only when Compliance is enabled on Check Point Multi-Domain Management.


How to mitigate CVE-2026-48136

Install the security update from the vendor's website.
