topic Re: CVE-2026-43284 and CVE-2026-43500 in General Topics

CVE-2026-43284 and CVE-2026-43500

mbrock — Fri, 08 May 2026 17:14:29 GMT

I see the official announcement for the CVE-2026-31431 (sk184928), but this one is fairly different and quite new. What would be the expected impacts for CVE-2026-43284 and CVE-2026-43500 on R81.20, R82 and R82.10 as we have all 3 in our environment.

Re: CVE-2026-43284 and CVE-2026-43500

Bob_Zimmerman — Fri, 08 May 2026 21:01:17 GMT

esp4 and esp6 modules are present on R81.20, R82, and R82.10. They aren't loaded on any of the firewalls I've checked, even ones which terminate VPNs, so Check Point appears to only use their own IPSec stack.

rxrpc is present only on R82.10. It isn't loaded on any system I've checked (admittedly, not many).

From the outside, both appear to be non-issues on Check Point systems.

Re: CVE-2026-43284 and CVE-2026-43500

PhoneBoy — Fri, 08 May 2026 21:09:35 GMT

CVE-2026-43500 looks like another local privilege escalation bug.
These are not relevant on Gaia OS since you need expert access to exploit them and expert IS root.

For the other CVE, not sure.
In either case, TAC will need to be consulted for an official answer.