• Category: Security
  • Status: confirmed
  • Sources: Check Point advisory sk185033, Rapid7 ETR, BleepingComputer, CISA KEV
  • Summary: CVE-2026-50751 is an authentication bypass (CVSS 9.3) in Check Point Remote Access VPN and Mobile Access when configured for the deprecated IKEv1 key exchange protocol. An attacker can establish a VPN session without a valid user password by exploiting a logic flaw in certificate validation. Active exploitation has been observed since 2026-05-07, with a Qilin ransomware affiliate linked to at least one confirmed intrusion. A second related flaw, CVE-2026-50752, affects IKEv1 site-to-site VPN certificate validation. CISA added CVE-2026-50751 to KEV on 2026-06-08.
  • Why it matters: Any Check Point VPN deployment using IKEv1 is vulnerable to unauthenticated network access until patched or reconfigured to IKEv2 with mandatory machine certificates.
  • Follow-up: CISA gives federal agencies three days to patch; verify patch status in all affected deployments.

Send feedback on this story