Exploitation of Authentication Bypass Vulnerability in Check Point VPN
Successful exploitation of CVE-2026-50751 could allow an attacker to establish a VPN session without a valid password
Summary
Successful exploitation of CVE-2026-50751 could allow an attacker to establish a VPN session without a valid password
Affected platforms
The following platforms are known to be affected:
Threat details
Specific configuration required to be vulnerable
Check Point Security Gateways and Spark Firewalls are vulnerable if all of the following are true:
- VPN Remote Access or Mobile Access is enabled
- IKEv1 is enabled for remote access
- Gateways accept legacy Remote Access clients
- Gateways do not demand a machine certificate for connections
Introduction
Check Point has released a security advisory to address one critical severity and one high severity vulnerability. Successful exploitation of CVE-2026-50571 could allow an attacker to exploit a logic flaw in certificate validation and establish a VPN session without possession of a valid password, effectively bypassing authentication requirements.
- CVE-2026-50751 - Improper Authentication vulnerability - CVSSv3 score: 9.3 (Exploited)
- CVE-2026-50752 - Improper Certificate Validation vulnerability - CVSSv3 score: 7.4
Active Exploitation of CVE-2026-50751
Check Point Research has observed exploitation of CVE-2026-50751 in the wild, and has attributed the activity to the Qilin ransomware-as-a-service (RaaS) operation.
SSLVPNs, firewalls, and other edge devices are internet-facing by design and are highly attractive targets to attackers, and there is an increasing number of edge device vulnerabilities disclosed each year that are rapidly exploited by attackers. The NHS England National CSOC assesses it is almost certain vulnerabilities discovered in SSLVPN and firewall appliances will continue to be exploited as zero-day vulnerabilities, or shortly after vendor disclosure.
Organisations are strongly encouraged to follow NCSC's vulnerability management guidance, including patching edge devices as soon as possible if a critical vulnerability is identified.
Remediation advice
Affected organisations must review Check Point security advisories Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) and SK185033, and follow the remediation steps detailed below.
Remediation steps
| Type | Step |
|---|---|
| Action |
Strongly Recommended: Perform a compromise assessment Affected organisations are strongly recommended to search for the IOCs provided by Check Point in SmartConsole and network logs. https://support.checkpoint.com/results/sk/sk185033 |
| Action |
Required: Apply a mitigation option Check Point has suggested 3 remediation options to increase security of appliances using the deprecated IKEv1 key exchange protocol. Organisations must apply 1 of these 3 remediation actions:
https://support.checkpoint.com/results/sk/sk185033 |
| Patch |
Required: Update to a fixed version Affected organisations must apply the relevant hotfix to update to a fixed version as soon as possible. Applying the hotfix for CVE-2026-50751 also remediates CVE-2026-50752. Note: Organisations running end-of-support versions must upgrade to a supported version. https://support.checkpoint.com/results/sk/sk185033 |
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 8 June 2026 1:58 pm