{"id":268177,"date":"2026-06-09T05:30:00","date_gmt":"2026-06-09T09:30:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/09\/check-point-warns-critical-auth-bypass-bug-exploited-in-the-wild\/"},"modified":"2026-06-09T07:05:35","modified_gmt":"2026-06-09T11:05:35","slug":"check-point-warns-critical-auth-bypass-bug-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/09\/check-point-warns-critical-auth-bypass-bug-exploited-in-the-wild\/","title":{"rendered":"Check Point Warns Critical Auth Bypass Bug Exploited in the Wild"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/check-point-critical-auth-bypass\/\">Check Point Warns Critical Auth Bypass Bug Exploited in the Wild<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/check-point-critical-auth-bypass\/\">https:\/\/www.infosecurity-magazine.com\/news\/check-point-critical-auth-bypass\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-09 05:30:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Check Point has urged customers to patch a critical zero-day vulnerability in its Remote Access VPN and Mobile Access solutions that is being actively exploited.<\/p>\n<p>CVE-2026-50751 is an authentication bypass\u00a0flaw that affects deployments configured to use the deprecated IKEv1 key exchange protocol.<\/p>\n<p>The security vendor revealed on June 8 that in one case, an affiliate of the Qilin ransomware group has exploited the flaw in \u201cpost-compromise\u00a0activity.\u201d<\/p>\n<p>\u201cAn attacker can bypass user authentication by exploiting a logic flow weakness in the Remote Access and Mobile Access certificate validation and establish a remote access VPN connection without a valid user password,\u201d Check Point said.<\/p>\n<p>\u201cCheck Point has observed active exploitation of this vulnerability in the wild.\u201d<\/p>\n<p>Read more on Check Point: Cybercriminals Exploit CheckPoint Antivirus Driver in Malicious Campaign.<\/p>\n<p>The flaw has been exploited since May 7, but attempts increased in early June, according to the writeup. Check Point launched in investigation on June 4 and said attacks have so far been \u00a0limited to a \u201cfew dozen targeted organizations\u201d globally.<\/p>\n<p>\u201cBased on the post-exploitation activity we observed, we assess with medium confidence that the actor behind the exploitation of CVE-2026-50751 is financially motivated, uses Qilin ransomware,\u201d it continued. \u201cWe believe that this threat actor infrastructure is exploiting other VPN-related vulnerabilities such as the ones published by Palo Alto, Fortinet and F5.\u201d<\/p>\n<p>The affiliate apparently used dedicated virtual private server (VPS) infrastructure to carry out the attacks, with some IPs hosted by Kaupo Cloud HK, Shock Hosting, and Vultr Holdings.<\/p>\n<h2><strong>Another Vulnerability Discovered<\/strong><\/h2>\n<p>While Check Point was investigating CVE-2026-50751, which has a CVSS score of 9.3, it found another vulnerability. CVE-2026-50752 has a score of 7.4 and is not currently being exploited by threat actors, the vendor claimed.<\/p>\n<p>\u201cCVE-2026-50752 impacts&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/check-point-critical-auth-bypass\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check Point Warns Critical Auth Bypass Bug Exploited in the Wild https:\/\/www.infosecurity-magazine.com\/news\/check-point-critical-auth-bypass\/ Publish Date: 2026-06-09&#8230;<\/p>\n","protected":false},"author":1,"featured_media":268178,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/6ae7d935-2038-4302-b165-48eb9bbb4668.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,34,27],"class_list":["post-268177","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-threat-actor","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/268177"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=268177"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/268177\/revisions"}],"predecessor-version":[{"id":268179,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/268177\/revisions\/268179"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/268178"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=268177"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=268177"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=268177"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}