Critical Check Point Vulnerability (CVE-2026-50751): Password Bypass in IKEv1 VPN

Colleagues, an important cybersecurity notice: Check Point has observed exploitation of CVE-2026-50751 — a certificate-validation flaw that allows establishing Remote Access VPN sessions without a password when using IKEv1.
Briefly:
- What: authentication bypass in Remote/Mobile Access VPN.
- Affects: multiple Security Gateway and Spark/Firewall versions supporting IKEv1.
- Conditions: Remote/Mobile Access enabled, IKEv1, legacy-client support, no machine-certificate requirement.
- Observations: attacks seen since May; some incidents linked to Qilin ransomware.
Why it matters: if IKEv1 is present — disable it or apply patches, require machine certificates, and strengthen monitoring.
How do you plan to respond?
#cybersecurity #VPN #CheckPoint #infosec


Latest comments
No comments yet.