Check Point R82 SQL Injection Vulnerability (CVE-2026-48134) in UserCheck Portal

Vulnerability Overview Vulnerability ID: CVE-2026-48134 Vulnerability Type: SQL Injection Affected Component: UserCheck Portal (when DLP is active) Description: When DLP is active, the UserCheck Web Portal has an input handling issue in the UserChoice process. Under specific conditions, an attacker can manipulate DLP/UserCheck event information stored by the Security Gateway by accessing the UserCheck Ask page, potentially leading to loss of event entries, errors in pending approval processing, or resource impact. Impact Scope Affected Products: - R77.20 (EOS) - R77.30 (EOS) - R80.10 (EOS) - R80.20 (EOS) - R80.30 (EOS) - R80.40 (EOS) - R81 (EOS) - R81.10 (EOS) - R81.20 - R82 - R82.10 Affected Versions: - R82.10 with Jumbo Hotfix Take 6 or below - R82 with Jumbo Hotfix Take 91 or below - R81.20 with Jumbo Hotfix Take 127 or below - All releases from R81.10 and below Unaffected Products: Spark Firewall (as it does not support DLP) Remediation Mitigation: - Ensure the UserCheck Portal is accessible only through internal interfaces. - Configuration Steps: 1. In SmartConsole, navigate to Gateways and Servers. 2. Double-click each Security Gateway or cluster object. 3. Navigate to UserCheck > Accessibility. 4. Ensure "Through internal interfaces" is selected. Patch Information: - R82.10 from Jumbo Hotfix Accumulator Take 19 onwards - R82 from Jumbo Hotfix Accumulator Take 103 onwards - R81.20 from Jumbo Hotfix Accumulator Take 141 onwards Additional Information Article Attributes: - Access Level: General - Severity: Medium - Status: Approved - Creation Date: 2026-05-20 - Last Modified Date: 2026-05-26 Page Bottom Feedback: Was this page helpful? (Yes/No) Support: Couldn't find what you need? Open a service request. Footer Copyright Notice: ©1994-2026 Check Point Software Technologies Ltd. All rights reserved. Links: Privacy Policy --- Note: The page does not contain POC code or exploit code.

Goal Reached Thanks to every supporter — we hit 100%!

Check Point R82 SQL Injection Vulnerability (CVE-2026-48134) in UserCheck Portal