Top stories
Check Point VPN CVE-2026-50751 exploited by Qilin ransomware affiliate
- Category: Security
- Status: confirmed
- Sources: Check Point advisory sk185033, Rapid7 ETR, BleepingComputer, CISA KEV
- Summary: CVE-2026-50751 is an authentication bypass (CVSS 9.3) in Check Point Remote Access VPN and Mobile Access when configured for the deprecated IKEv1 key exchange protocol. An attacker can establish a VPN session without a valid user password by exploiting a logic flaw in certificate validation. Active exploitation has been observed since 2026-05-07, with a Qilin ransomware affiliate linked to at least one confirmed intrusion. A second related flaw, CVE-2026-50752, affects IKEv1 site-to-site VPN certificate validation. CISA added CVE-2026-50751 to KEV on 2026-06-08.
- Why it matters: Any Check Point VPN deployment using IKEv1 is vulnerable to unauthenticated network access until patched or reconfigured to IKEv2 with mandatory machine certificates.
- Follow-up: CISA gives federal agencies three days to patch; verify patch status in all affected deployments.