CVE-2026-50751

KEV · EPSS 6.2%
Hype: ACTIVE HACK · 92

KEV-listed, with exploitation confirmed by a named threat group, a CISA urgent directive, and working attacks observed in the field.

What: Authentication bypass in Check Point Remote Access and Mobile Access VPN via deprecated IKEv1 key exchange; unauthenticated remote attackers can establish VPN sessions without valid credentials.

Why it matters: KEV-listed as of 2026-06-08; active in-the-wild exploitation confirmed by Qilin ransomware affiliate; CISA mandated 3-day patch deadline for federal agencies; vendors patching urgently; defenders actively triaging and remediating legacy IKEv1 configurations.

Where it's seen: Security advisories, threat intelligence platforms, journalist coverage across multiple languages (English, Indonesian, Japanese), ransomware intelligence feeds, CISA directives, and defender action alerts spanning 24–48 hours post-disclosure.

RISK: CRITICAL — Unauthenticated VPN bypass in active use by ransomware operators; KEV-listed; federal agencies mandated emergency patching within 3 days.

Generated by claude-haiku-4-5 from public posts and authoritative metadata. AI can make mistakes — verify against vendor advisories before acting. 6/9/2026, 9:04:35 AM

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Weaknesses