Vulnerability detail
Enriched intelligence for a single CVE
Critical
CVE-2026-50751
PUBLISHEDUser Authentication Bypass in VPN Remote Access and Mobile Access
- Vendor
- checkpoint
- Product
- Quantum Security Gateway, Spark Firewalls
- Published
- Jun 08, 2026
- EPSS
- 0.0% · 1% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.
Description
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Weaknesses (CWE)
-
Improper Authentication
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
Exploitation status
Exploited in the wild
Recorded 2026-06-08 14:20:34 UTC · Check Point Blog
Used in qilin ransomware malware
Recorded 2026-06-08 15:14:29 UTC · Check Point Blog
Indicators of compromise (IoCs)
Operational indicators linked to exploitation of this CVE. IoCs age over time — especially IP addresses.
| Type | Indicator | First seen | Last seen | Age | Source |
|---|---|---|---|---|---|
| IP |
45.77.149.152
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
209.182.225.136
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
38.60.157.139
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
162.33.177.101
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
45.76.26.42
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
144.208.127.155
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
38.54.88.201
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
38.54.107.167
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
| IP |
66.42.99.200
|
2026-05-07 14:26 UTC | 2026-05-07 14:26 UTC | about 1 month ago | Source |
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| Check Point Blog First | 2026-06-08 14:20 UTC |
| TheHackerNews | 2026-06-08 15:20 UTC |
Recent mentions
TheHackerNews · Jun 08, 2026
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user
Check Point Blog · Jun 08, 2026
Check Point Research has identified active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access deployments configured to use the deprecated IKEv1 key exchange protocol. By exploiting a logic flaw in certificate validation, an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements. Additional post-authentication activity is required to access internal resources or escalate privileges. To date, the observed exploitation has been limited to a few dozen targeted organizations globally. One case involved confirmed post-compromise activity associated with Qilin ransomware affiliate. Customers using IKEv1 key […] The post Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) appeared first on Check Point Blog.
Timeline
-
IoCs added (9)
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Used in qilin ransomware Malware
-
KEV confirmed by TheHackerNews