<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-06-09T04:59:15.887510+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/200a790f-eae3-4ca3-bd08-5ee4ac6559d7/export</id>
    <title>200a790f-eae3-4ca3-bd08-5ee4ac6559d7</title>
    <updated>2026-06-09T04:59:15.892756+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "200a790f-eae3-4ca3-bd08-5ee4ac6559d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mnskilvqhk2x", "content": "Check Point VPN Zero-Day (CVE-2026-50751): Hackers Bypass IKEv1 Passwords in Active Ransomware\u00a0Campaign\n\nIntroduction: The legacy IKEv1 key exchange protocol, still active in many enterprise remote-access VPNs, harbors a critical logic flow weakness. Tracked as CVE-2026-50751 with a near-maximum\u2026", "creation_timestamp": "2026-06-08T20:48:52.658575Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/200a790f-eae3-4ca3-bd08-5ee4ac6559d7/export"/>
    <published>2026-06-08T20:48:52.658575+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/aeb7f170-b169-4a69-86ad-2ebfcf45741c/export</id>
    <title>aeb7f170-b169-4a69-86ad-2ebfcf45741c</title>
    <updated>2026-06-09T04:59:15.892684+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "aeb7f170-b169-4a69-86ad-2ebfcf45741c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mnslikalsk2j", "content": "CVE-2026-50751: Check Point VPN Zero-Day Exploited by Qilin Affiliate; Patch Released June 8", "creation_timestamp": "2026-06-08T21:06:37.889444Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/aeb7f170-b169-4a69-86ad-2ebfcf45741c/export"/>
    <published>2026-06-08T21:06:37.889444+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/03c98b4c-db78-40fa-a258-b57f397b0631/export</id>
    <title>03c98b4c-db78-40fa-a258-b57f397b0631</title>
    <updated>2026-06-09T04:59:15.892609+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "03c98b4c-db78-40fa-a258-b57f397b0631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50751", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116716935635354751", "content": "In Check Point Firewalls und Gateways gibt es zwei Schwachstellen, von denen eine angegriffen wird (Qilin). Es gibt aber Patches und Gegenma\u00dfnahmen.\nhttps://borncity.com/blog/2026/06/08/schwachstelle-cve-2026-50751-bei-check-point-vpn/", "creation_timestamp": "2026-06-08T22:51:44.891602Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/03c98b4c-db78-40fa-a258-b57f397b0631/export"/>
    <published>2026-06-08T22:51:44.891602+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/3c2cb537-c2f1-4a1e-bbb0-9caa5c575edb/export</id>
    <title>3c2cb537-c2f1-4a1e-bbb0-9caa5c575edb</title>
    <updated>2026-06-09T04:59:15.892530+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "3c2cb537-c2f1-4a1e-bbb0-9caa5c575edb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnssre2myj2e", "content": "Check Point says CVE-2026-50751 is actively exploited to bypass auth in deprecated IKEv1 VPN setups, affecting Remote Access and Mobile Access deployments. CVE-2026-50752 may enable AitM attacks. #CheckPoint #Qilin #VPN", "creation_timestamp": "2026-06-08T23:15:12.475716Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/3c2cb537-c2f1-4a1e-bbb0-9caa5c575edb/export"/>
    <published>2026-06-08T23:15:12.475716+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/9e96a631-c2f3-4281-802a-e4572fa4fc56/export</id>
    <title>9e96a631-c2f3-4281-802a-e4572fa4fc56</title>
    <updated>2026-06-09T04:59:15.892455+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "9e96a631-c2f3-4281-802a-e4572fa4fc56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mnswgbpvs62y", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u60272\u4ef6\u3092\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds Two Known Exploited Vulnerabilities to Catalog  #CISA (Jun 8)\n\nCVE-2026-42271 BerriAI LiteLLM \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\nCVE-2026-50751 Check Point Security Gateway\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-06-09T00:20:35.646314Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/9e96a631-c2f3-4281-802a-e4572fa4fc56/export"/>
    <published>2026-06-09T00:20:35.646314+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/ea1a339f-ab2c-4922-942c-c6a306c03dfc/export</id>
    <title>ea1a339f-ab2c-4922-942c-c6a306c03dfc</title>
    <updated>2026-06-09T04:59:15.892375+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "ea1a339f-ab2c-4922-942c-c6a306c03dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mnswozfx5w2c", "content": "Qilin\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u95a2\u9023\u7d44\u7e54\u304cCheck Point VPN\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\uff08CVE-2026-50751\uff09\u3092\u60aa\u7528 \n\nQilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)  #HelpNetSecurity (Jun 8)\n\nwww.helpnetsecurity.com/2026/06/08/c...", "creation_timestamp": "2026-06-09T00:25:29.122307Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/ea1a339f-ab2c-4922-942c-c6a306c03dfc/export"/>
    <published>2026-06-09T00:25:29.122307+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a13467b8-1139-4d6d-9484-a84cbaec24ba/export</id>
    <title>a13467b8-1139-4d6d-9484-a84cbaec24ba</title>
    <updated>2026-06-09T04:59:15.892301+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "a13467b8-1139-4d6d-9484-a84cbaec24ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnsynws6lk2u", "content": "\ud83d\udd34 CVE-2026-50751 - Critical (9.3)\n\nA logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKE...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50751/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-09T01:00:40.769696Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a13467b8-1139-4d6d-9484-a84cbaec24ba/export"/>
    <published>2026-06-09T01:00:40.769696+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/0807e31f-ee2d-438e-911e-03168ea935ba/export</id>
    <title>0807e31f-ee2d-438e-911e-03168ea935ba</title>
    <updated>2026-06-09T04:59:15.892219+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "0807e31f-ee2d-438e-911e-03168ea935ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnt5okxrpl2a", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 137 interactions\nCVE-2015-5119: 20 interactions\nCVE-2020-0601: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-50751: 6 interactions\nCVE-2025-8088: 5 interactions\nCVE-2026-50131: 5 interactions\n", "creation_timestamp": "2026-06-09T02:30:30.519105Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/0807e31f-ee2d-438e-911e-03168ea935ba/export"/>
    <published>2026-06-09T02:30:30.519105+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/50065658-5639-42cc-8a99-3d42286a8ab9/export</id>
    <title>50065658-5639-42cc-8a99-3d42286a8ab9</title>
    <updated>2026-06-09T04:59:15.892120+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "50065658-5639-42cc-8a99-3d42286a8ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mntddp2duc2h", "content": "Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)\n\nA Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. Abo\u2026\n#hackernews #news", "creation_timestamp": "2026-06-09T04:11:48.224295Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/50065658-5639-42cc-8a99-3d42286a8ab9/export"/>
    <published>2026-06-09T04:11:48.224295+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fffc13ab-f757-4d28-ad4f-1ad8befc0945/export</id>
    <title>fffc13ab-f757-4d28-ad4f-1ad8befc0945</title>
    <updated>2026-06-09T04:59:15.890907+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://vulnerability.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fffc13ab-f757-4d28-ad4f-1ad8befc0945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://gist.github.com/alon710/d5e17169de3d451d7d6cd197f2a5e3cc", "content": "# CVE-2026-50751: CVE-2026-50751: Authentication Bypass in Check Point Security Gateway IKEv1 Legacy Validation\n\n&amp;gt; **CVSS Score:** 9.3\n&amp;gt; **Published:** 2026-06-08\n&amp;gt; **Full Report:** https://cvereports.com/reports/CVE-2026-50751\n\n## Summary\nAn improper authentication vulnerability (CWE-287) exists in the legacy, deprecated Internet Key Exchange version 1 (IKEv1) key exchange protocol implementation in Check Point Security Gateways. The vulnerability is caused by a logic flow weakness during the certificate validation process for Remote Access VPN and Mobile Access (SSL VPN) connections. An unauthenticated remote attacker can exploit this weakness to bypass user authentication entirely, establishing a fully functional Remote Access VPN connection without a valid password.\n\n## TL;DR\nA logic flow weakness in Check Point Security Gateway IKEv1 certificate validation allows unauthenticated remote attackers to bypass authentication and establish Remote Access VPN tunnels without user passwords.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE ID**: CWE-287\n- **Attack Vector**: Network (AV:N)\n- **CVSS Severity**: 9.3 (Critical)\n- **EPSS Score**: 0.00010 (Percentile: 1.23%)\n- **Exploit Status**: Active exploitation in-the-wild\n- **CISA KEV Status**: Listed (June 8, 2026)\n- **Primary Threat Actor**: Qilin Ransomware Affiliates\n\n## Affected Systems\n\n- Check Point Quantum Security Gateways\n- Check Point Maestro Orchestrators\n- Check Point Security Groups\n- Check Point Spark Firewalls\n- **Quantum Security Gateway / Maestro Orchestrator**: &amp;lt;= R82.10 Take 19 (Fixed in: `R82.10 Take 19 with Hotfix`)\n- **Quantum Security Gateway / Maestro Orchestrator**: &amp;lt;= R82 Take 103 (Fixed in: `R82 Take 103 with Hotfix`)\n- **Quantum Security Gateway / Maestro Orchestrator**: &amp;lt;= R81.20 Take 141 (Fixed in: `R81.20 Take 141 with Hotfix`)\n- **Spark Firewalls (Gaia Embedded)**: R82.00.X (Fixed in: `R82.00.10 Build 998002216`)\n- **Spark Firewalls (Gaia Embedded)**: R81.10.X (Fixed in: `R81.10.17 Build 996004901`)\n\n## Mitigation\n\n- Disable support for legacy Remote Access clients\n- Restrict connections to the IKEv2 protocol only\n- Enforce mandatory machine certificate authentication\n\n**Remediation Steps:**\n1. Open SmartConsole and navigate to Security Gateway properties -&amp;gt; VPN Clients -&amp;gt; Authentication.\n2. Uncheck 'Allow older clients to connect to this gateway' and install the policy.\n3. For IKEv2-only restriction: Open Global Properties -&amp;gt; Remote Access -&amp;gt; VPN Authentication, and check 'IKEv2 only'.\n4. Deploy vendor-supplied hotfixes (R82.10 Take 19, R82 Take 103, or R81.20 Take 141) as soon as possible.\n\n## References\n\n- [Check Point Support Portal Advisory (sk185033)](https://support.checkpoint.com/results/sk/sk185033)\n- [Check Point Official Security Blog Post](https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/)\n- [CISA Known Exploited Vulnerabilities Catalog Search](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751)\n- [CVE.org Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50751)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50751) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-09T04:41:47.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fffc13ab-f757-4d28-ad4f-1ad8befc0945/export"/>
    <published>2026-06-09T04:41:47+00:00</published>
  </entry>
</feed>
