CVE-2026-48133
Identity Awareness Captive Portal - Unauthenticated Local File Inclusion
In short
When a security gateway has Identity Awareness enabled with browser-based authentication, an unauthenticated user can read internal files on the server without logging in. This is dangerous because attackers can access sensitive system information without permission.
Technical detail
A local file inclusion vulnerability exists in the Identity Awareness captive portal (CWE-98) when Browser-Based Authentication is enabled. An unauthenticated attacker can exploit path traversal or file access mechanisms to read arbitrary files from the Security Gateway filesystem. This allows information disclosure of sensitive internal data without authentication.
Summary generated and translated by AI from the official description.
When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain internal files on the Security Gateway.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected products
checkpoint · Quantum Security Gateway