Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html
Publish Date: 2026-06-08 10:17:00
Source Domain: thehackernews.com
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.
The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
“By exploiting a logic flaw in certificate validation, an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements,” Check Point said. “Additional post-authentication activity is required to access internal resources or escalate privileges.”
The shortcoming impacts the following products and versions –
- Security Gateways R82.10 Jumbo Hotfix Take 19 or below, R82 Jumbo Hotfix Take 103 or below, R81.20 Jumbo Hotfix Take 141 or below, R81.10 (EOS), R81 (EOS), and R80.40 (EOS)
- Spark Firewalls: R80.20.X (EOS), R81.10.X, and R82.00.X
Successful exploitation requires the following conditions to be met –
- VPN Remote Access or Mobile Access is enabled
- IKEv1 is enabled for remote access
- Gateways accept legacy Remote Access clients
- Gateways do not demand a machine certificate for connections
The Israeli cybersecurity company said it first observed indications of suspicious activity on June 4, 2026, with the earliest observed exploitation dating back to May 7, 2026. Exploitation efforts are said to have ramped up starting this month.
The exploitation activity, Check Point added, has been limited to a “few dozen targeted organizations globally.” In one case, the post-exploitation phase has been associated with a Qilin ransomware affiliate.
“We believe that this threat actor infrastructure is exploiting other VPN related vulnerabilities such as…
