Vendor scorecard
Check Point
Check Point security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: checkpoint
Product families
4
Open in latest
16
Inferred — see methodology
Last disclosure
Jun 8, 2026
01
Product categories
4 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Gaia OSNGFW / Network Security · Secure Remote Access / VPN · Network Detection / IDS-IPSgaia_os, security_gateway | 3 | 12 | r77.30LOW | ||
| ManagementNetwork Management & Monitoringmulti-domain_management, smartconsole, r80… | 2 | 3 | r80.10LOW | ||
| CloudGuardNGFW / Network Security · SD-WAN & SASEcloudguard_network_security, cloudguard_posture_management, cloudguard_log.ic | 0 | 0 | unknown | ||
| HarmonySecure Remote Access / VPN · Zero-Trust / ZTNAharmony_endpoint, harmony_mobile, harmony_connect | 0 | 1 | e88.20LOW |
02
Recent CVEs
8 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-50751(opens NVD record) | Critical | 9.3 | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. | Jun 8, 2026 |
| CVE-2024-52885(opens NVD record) | Medium | 5.0 | The Mobile Access Portal's File Share application is vulnerable to a directory traversal attack, allowing an authenticated, malicious end-user (authorized to at least one File Share application) to list the file names of 'nobody'-accessible directories on the Mobile Access gateway. | Aug 6, 2025 |
| CVE-2024-24915(opens NVD record) | Medium | 6.1 | Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them. | Jun 29, 2025 |
| CVE-2024-24916(opens NVD record) | Medium | 6.5 | Untrusted DLLs in the installer's directory may be loaded and executed, leading to potentially arbitrary code execution with the installer's privileges (admin). | Jun 19, 2025 |
| CVE-2024-52888(opens NVD record) | Medium | 5.4 | For an authenticated end-user the portal may run a script while attempting to display a directory or some file's properties. | Apr 27, 2025 |
| CVE-2024-52887(opens NVD record) | Low | 3.5 | Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a script while accessing their own bookmark list. | Apr 27, 2025 |
| CVE-2024-24911(opens NVD record) | Medium | 5.3 | In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache. | Feb 6, 2025 |
| CVE-2024-24914(opens NVD record) | High | 8.0 | Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available. | Nov 7, 2024 |
5 CVEs · 4 product families