Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

2026-06-08

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Check Point has warned of a critical IKEv1 VPN vulnerability (CVE-2026-50751, CVSS 9.3) allowing attackers to bypass password authentication and establish unauthorized remote access connections.

•The flaw exists in certificate validation logic affecting Remote Access VPN and Mobile Access on deprecated IKEv1 protocol setups
•Exploitation requires specific conditions: IKEv1 enabled, legacy client support, and no machine certificate requirement
•Active exploitation observed from May 7, 2026, targeting a few dozen organizations globally with VPS infrastructure
•Post-exploitation activity linked to Qilin ransomware affiliate attempting to download malicious ELF files
•A second vulnerability (CVE-2026-50752, CVSS 7.40) enabling adversary-in-the-middle attacks on VPN site-to-site connections was also discovered

Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit