{"vulnerability": "CVE-2026-50751", "sightings": [{"uuid": "782f5882-ad69-4817-89a8-6b2a44689078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-50751", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9668c362-595a-4b6d-a788-a3429da4656b", "content": "", "creation_timestamp": "2026-06-08T13:19:17.590833Z"}, {"uuid": "63d64942-9944-4fc1-8df7-be62899e611b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116714974585924640", "content": "New:\nCheck Point Security Advisory \u2013 Action Required \u2013 Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ \nMore:\nThe Hacker News: Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html @thehackernews #infosec #vulnerability #VPN", "creation_timestamp": "2026-06-08T14:32:58.223659Z"}, {"uuid": "e6583362-ae63-4ed0-acc0-6b2439fc3be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnrx4ohyb427", "content": "Check Point patched CVE-2026-50751, a critical VPN auth bypass used in zero-day attacks, and found CVE-2026-50752, an IKEv1 flaw tied to Qilin ransomware activity. #CheckPoint #Qilin #VPN", "creation_timestamp": "2026-06-08T15:00:32.623201Z"}, {"uuid": "c000efb6-db2f-4476-91aa-9730c0203532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnryweklxu2f", "content": "CVE-2026-50751 in Check Point Remote Access/Mobile Access VPNs using IKEv1 lets attackers bypass password checks via a certificate validation flaw, with Qilin-linked activity observed.\n", "creation_timestamp": "2026-06-08T15:32:43.449065Z"}, {"uuid": "7eefbff4-1868-42b8-be81-5b796d4b1fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mnroob5y2k2g", "content": "Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/06/08/c...\n\n#cybersecurity #cybersecuritynews #0day #datatheft #ransomware #secureaccess #VPN #vulnerability", "creation_timestamp": "2026-06-08T12:29:35.963660Z"}, {"uuid": "dd31ece7-220e-4f1a-b476-8b2ff54435a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnrp32442m2d", "content": "Qilin\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30d5\u30a3\u30ea\u30a8\u30a4\u30c8\u304cCheck Point VPN\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\uff08CVE-2026-50751\uff09\u3092\u60aa\u7528\n\nQilin\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30d5\u30a3\u30ea\u30a8\u30a4\u30c8\u304c\u3001Check Point VPN\u306eRemote Access\u304a\u3088\u3073Mobile Access\u306b\u5b58\u5728\u3059\u308b\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u8106\u5f31\u6027CVE-2026-50751\u3092\u60aa\u7528\u3057\u3066\u3044\u308b\u3068\u898b\u3089\u308c\u308b\u3068\u3001\u540c\u793e\u304c\u6708\u66dc\u65e5\u306b\u767a\u8868\u3057\u307e\u3057\u305f\u3002 CVE-2026-50751\u306b\u3064\u3044\u3066 Check P", "creation_timestamp": "2026-06-08T12:36:22.698417Z"}, {"uuid": "89dda064-2882-487e-af0b-1b042760a1a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mnrqtapwzk2p", "content": "Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)\n\nwww.helpnetsecurity.com/2026/06/08/c...\n\n#Kyberturvallisuus #Haavoittuvuus #AktiivinenHyv\u00e4ksik\u00e4ytt\u00f6", "creation_timestamp": "2026-06-08T13:07:52.780162Z"}, {"uuid": "bf51c850-30d3-4f39-8947-324415539873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mnrujreuwh2t", "content": "Qilin ransomware is actively exploiting a Check Point VPN zero-day (CVE-2026-50751) by targeting deprecated IKEv1 protocols. This isn't just another vulnerability; it's a stark reminder that legacy configurations are\u2026\n\nhttps://www.tpp.blog/1xzskh3\n\n#cybersecurity #checkpoint #qilinransomware", "creation_timestamp": "2026-06-08T14:14:06.811054Z"}, {"uuid": "200954ed-f67a-41fa-a95c-aa2f9aab315e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://social.circl.lu/users/circl/statuses/116715192452841996", "content": "Checkpoint - User Authentication Bypass in VPN Remote Access and Mobile Access\n#checkpoint #vulnerabilitymanagement #vulnerability \nhttps://vulnerability.circl.lu/vuln/CVE-2026-50751", "creation_timestamp": "2026-06-08T15:28:22.683784Z"}, {"uuid": "9380716f-78ea-4d1d-8c53-9410bd448c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnrywb2eoi2n", "content": "CVE-2026-50751 enables unauthenticated attackers to bypass user authentication and establish VPN sessions on IKEv1-based Remote Access/Mobile Access deployments.\n", "creation_timestamp": "2026-06-08T15:32:41.249494Z"}, {"uuid": "18cc36f4-2ed8-4b3e-b86f-f8a2b32581e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnrrswra7i2s", "content": "CVE-2026-50751 - User Authentication Bypass in VPN Remote Access and Mobile Access\nCVE ID : CVE-2026-50751\n \n Published : June 8, 2026, 12:16 p.m. | 16\u00a0minutes ago\n \n Description : A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IK...", "creation_timestamp": "2026-06-08T13:25:31.579491Z"}, {"uuid": "cee9a141-7a57-442d-9257-9315d868e989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mns5zz5mme2p", "content": "Check Point warns of active exploitation of CVE-2026-50751, a critical VPN authentication bypass vulnerability. The flaw affects Remote Access VPN [\u2026]", "creation_timestamp": "2026-06-08T17:04:14.157198Z"}, {"uuid": "f7c9ca81-27f0-40ba-8473-507e312274cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mns32o2ljf24", "content": "~Cybergcca~\nCheck Point VPN authentication bypass (CVE-2026-50751) is under active exploitation.\n-\nIOCs: CVE-2026-50751\n-\n#CVE202650751 #CheckPoint #ThreatIntel", "creation_timestamp": "2026-06-08T16:10:55.869504Z"}, {"uuid": "96a70872-0f4f-4cd1-9014-be61e33f268c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/check-point-security-advisory-av26-559", "content": "", "creation_timestamp": "2026-06-08T07:24:19.000000Z"}, {"uuid": "6860b189-89f7-4bb6-81ef-50e1f3102824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0179", "content": "Check Point heeft kwetsbaarheden verholpen in Remote and Mobile Access VPN-producten, specifiek voor implementaties die gebruikmaken van het IKEv1 key exchange protocol. Er zijn twee kwetsbaarheden vastgesteld in Check Point Security Gateways en Remote Access VPN-omgevingen die gebruikmaken van het verouderde IKEv1-protocol. De kwetsbaarheden CVE-2026-50751 en CVE-2026-50752 treffen VPN-authenticatie en certificaatvalidatie. Deze kwetsbaarheden stellen aanvallers in staat om zonder geldige authenticatie toegang te verkrijgen tot VPN-omgevingen.\n\nDe kwetsbaarheid CVE-2026-50751 is als zero-day misbruikt. Volgens Check Point zou in \u00e9\u00e9n geval ook ransomware zijn geplaatst na dit misbruik. Het eerste gedetecteerde misbruik dateert van 7 mei. Het IKEv1-protocol is een verouderd protocol dat nog wel wordt gebruikt bij dit soort implementaties. Het NCSC-NL verwacht dat er op korte termijn grootschalig misbruik zal plaatsvinden en roept organisaties op om de advisory van Check Point op te volgen. Ook roept het NCSC-NL organisaties op om de IoC\u2019s van Check Point te controleren als binnen de organisatie betreffende producten worden gebruikt waarin IKEv1 is ingeschakeld.\n IOCs\n45.77.149[.]152\n209.182.225[.]136\n38.60.157[.]139\n162.33.177[.]101\n45.76.26[.]42\n144.208.127[.]155\n38.54.88[.]201\n38.54.107[.]167\n66.42.99[.]200\n\n52fda5c1b9704544f32ee98d9060e689\n\n51d39aa39478beeac94f2d12f682ecce", "creation_timestamp": "2026-06-08T12:29:06.000000Z"}, {"uuid": "2b551f2c-101c-4422-9ae6-8bd9e6005a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/6/angriffe-gegen-checkpoint-vpn-losungen-hotfix-verfugbar", "content": "08.06.2026\n\nBeschreibung\n\nCheckpoint warnt vor beobachteten Angriffen gegen die Produkte Checkpoint Security Gateway und Checkpoint Spark Firewall. \n\nAuswirkungen\n\nDie zugrunde liegende Sicherheitslücke CVE-2026-50751 erlaubt unbefugten Zugriff auf das VPN.\n\nBetroffene Systeme\n\nFolgende Systeme sind von der Sicherheitslücke betroffen, sofern IKEv1 aktiviert ist:\n\n\n\nSecurity Gateways:\n\n\n\nR82.10 Jumbo Hotfix Take 19 or below\n\nR82 Jumbo Hotfix Take 103 or below\n\nR81.20 Jumbo Hotfix Take 141 or below\n\nR81.10 (EOS)\n\nR81 (EOS)\n\nR80.40 (EOS)\n\n\n\nSpark Firewalls:\n\n\n\nR80.20.X (EOS),\n\nR81.10.X,\n\nR82.00.X \n\n\n\n\nAbhilfe\n\nCheckpoint stellt für die unterschiedlichen Produkte Hotfixes bereit.\n\nIm Advisory finden sich weiters auch Tipps zur Suche nach bereits erfolten Angriffen sowie mitigierende Maßnahmen.\n\nSollten sich in ihren Systemen Hinweise auf eine bereits erfolgte Kompromittierung zeigen bitten wir Sie mit uns Kontakt aufzunehmen.\n\nHinweis\n\nGenerell empfiehlt CERT.at, wo möglich die \"automatisches Update\"-Features von Software zu nutzen, parallel Firewall-Software aktiv und den Virenschutz aktuell zu halten.\n\n\n\nInformationsquelle(n):\n\nCheckpoint Advisory zu CVE-2026-50571 Blog Artikel von Checkpoint zu den beobachteten Angriffen", "creation_timestamp": "2026-06-08T12:27:23.000000Z"}, {"uuid": "cf2099d1-574c-42c5-a619-6db621e74b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html", "content": "Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.\n\nThe vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user", "creation_timestamp": "2026-06-08T12:17:39.000000Z"}, {"uuid": "5fe9d063-2189-4ed9-9b2b-c77c1a7255c3", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ba636079-6682-4f8f-93e0-5668da7fd462", "content": "", "creation_timestamp": "2026-06-08T20:00:02.096952Z"}, {"uuid": "4fd28484-3aad-41ba-975d-8f4a9958367c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6685896", "content": "2026-06-08: [CVE-2026-50751] Check Point Security Gateway Improper Authentication VulnerabilityCheck Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.\ncisakev", "creation_timestamp": "2026-06-08T20:34:07.804594Z"}, {"uuid": "200a790f-eae3-4ca3-bd08-5ee4ac6559d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mnskilvqhk2x", "content": "Check Point VPN Zero-Day (CVE-2026-50751): Hackers Bypass IKEv1 Passwords in Active Ransomware\u00a0Campaign\n\nIntroduction: The legacy IKEv1 key exchange protocol, still active in many enterprise remote-access VPNs, harbors a critical logic flow weakness. Tracked as CVE-2026-50751 with a near-maximum\u2026", "creation_timestamp": "2026-06-08T20:48:52.658575Z"}, {"uuid": "419eac36-7a0a-4b3d-902f-709eac787bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mns7pk42xt2n", "content": "A Qilin ransomware affiliate is exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN solutions, which affects configurations using the deprecated IKEv1 protocol. The first known attacks occurred in early May 2026, with suspicious activity noted on June 4, 2026.", "creation_timestamp": "2026-06-08T17:34:10.956624Z"}, {"uuid": "27a4fdf2-df7d-4bfb-ad96-4982e7ef101e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mnsafgat5z2o", "content": "Check Point VPN\u306eIKEv1\u8a2d\u5b9a\u3067\u3001\u8a8d\u8a3c\u306a\u3057\u306b\u8a3c\u660e\u66f8\u691c\u8a3c\u306e\u8106\u5f31\u6027(CVE-2026-50751)\u3092\u60aa\u7528\u3055\u308c\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30d0\u30a4\u30d1\u30b9\u3055\u308c\u308b\u3002", "creation_timestamp": "2026-06-08T17:48:25.417310Z"}, {"uuid": "3f5d9904-1be2-462e-a9a3-27f91e531166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50751", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mnsbhxq7w223", "content": "\ud83d\udea8 CISA KEV [CVSS 9.3 \u00b7 CRITICAL]\nCritical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)\n\nhttps://www.rapid7.com/blog/post/etr-critical-check-point-vpn-zero-day-exploited-in-the-wild-cve-2026-50751\n\n#CISA #KEV #PatchNow", "creation_timestamp": "2026-06-08T18:05:43.513329Z"}, {"uuid": "5344591e-c654-4dad-809e-67da8b83fe38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/stechtimes.com/post/3mnsbwvtkm52h", "content": "\ud83d\udee1\ufe0f Check Point VPN Exploitation Puts Legacy IKEv1 Access In The Ransomware Spotlight\n\nA critical Check Point VPN flaw, CVE-2026-50751, is being exploited against legacy IKEv1 remote-access configurations, with activity tied in one case to a\n\n#Cybersecurity #ThreatIntel\n\nLink card below.", "creation_timestamp": "2026-06-08T18:14:06.714992Z"}, {"uuid": "fcafb42c-6d7a-4ec1-8547-d5b0a05f6f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnsd4umvom2n", "content": "CVE-2026-50751 in Check Point Remote Access VPN and Mobile Access was exploited by a Qilin affiliate to bypass authentication and create VPN sessions, now patched.\n", "creation_timestamp": "2026-06-08T18:35:19.236852Z"}, {"uuid": "aeb7f170-b169-4a69-86ad-2ebfcf45741c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mnslikalsk2j", "content": "CVE-2026-50751: Check Point VPN Zero-Day Exploited by Qilin Affiliate; Patch Released June 8", "creation_timestamp": "2026-06-08T21:06:37.889444Z"}, {"uuid": "ef6f2bb5-c830-4c6e-b672-281f8b2511ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116715644009315422", "content": "It is possible to see elevated activities targeting Check Point Quantum Security Gateway and Spark Firewalls (CVE-2026-50751) https://vuldb.com/vuln/369177/cti", "creation_timestamp": "2026-06-08T17:23:21.121929Z"}, {"uuid": "ab3f9941-394a-4240-97ef-dec38237de74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/rapid7.com/post/3mns76ik5lc2y", "content": "\ud83d\udea8 On 6/8/26, #CheckPoint published a security advisory for a critical vuln. affecting its Remote Access VPN, Mobile Access, and Spark Firewall products.\n\nCVE-2026-50751 allows an unauth. attacker to establish a VPN session without providing valid credentials. More: r-7.co/4fyoJJc", "creation_timestamp": "2026-06-08T17:24:55.702912Z"}]}