CVE-2026-48133

Published: May 26, 2026Modified: May 26, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: cve@checkpoint.com (Secondary)

Description

When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.

Related CWEs

CWE-98

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

References (1)

https://support.checkpoint.com/results/sk/sk184993

Source: cve@checkpoint.com

Timeline

No history available yet.