{"vulnerability": "cve-2026-50751", "sightings": [{"uuid": "782f5882-ad69-4817-89a8-6b2a44689078", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "c933734a-9be8-4142-889e-26e95c752803", "vulnerability": "CVE-2026-50751", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/9668c362-595a-4b6d-a788-a3429da4656b", "content": "", "creation_timestamp": "2026-06-08T13:19:17.590833Z"}, {"uuid": "7eefbff4-1868-42b8-be81-5b796d4b1fe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mnroob5y2k2g", "content": "Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/06/08/c...\n\n#cybersecurity #cybersecuritynews #0day #datatheft #ransomware #secureaccess #VPN #vulnerability", "creation_timestamp": "2026-06-08T12:29:35.963660Z"}, {"uuid": "dd31ece7-220e-4f1a-b476-8b2ff54435a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mnrp32442m2d", "content": "Qilin\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30d5\u30a3\u30ea\u30a8\u30a4\u30c8\u304cCheck Point VPN\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\uff08CVE-2026-50751\uff09\u3092\u60aa\u7528\n\nQilin\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u306e\u30a2\u30d5\u30a3\u30ea\u30a8\u30a4\u30c8\u304c\u3001Check Point VPN\u306eRemote Access\u304a\u3088\u3073Mobile Access\u306b\u5b58\u5728\u3059\u308b\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u8106\u5f31\u6027CVE-2026-50751\u3092\u60aa\u7528\u3057\u3066\u3044\u308b\u3068\u898b\u3089\u308c\u308b\u3068\u3001\u540c\u793e\u304c\u6708\u66dc\u65e5\u306b\u767a\u8868\u3057\u307e\u3057\u305f\u3002 CVE-2026-50751\u306b\u3064\u3044\u3066 Check P", "creation_timestamp": "2026-06-08T12:36:22.698417Z"}, {"uuid": "89dda064-2882-487e-af0b-1b042760a1a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hapsis.bsky.social/post/3mnrqtapwzk2p", "content": "Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)\n\nwww.helpnetsecurity.com/2026/06/08/c...\n\n#Kyberturvallisuus #Haavoittuvuus #AktiivinenHyv\u00e4ksik\u00e4ytt\u00f6", "creation_timestamp": "2026-06-08T13:07:52.780162Z"}, {"uuid": "bf51c850-30d3-4f39-8947-324415539873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/pixelsandpulse.bsky.social/post/3mnrujreuwh2t", "content": "Qilin ransomware is actively exploiting a Check Point VPN zero-day (CVE-2026-50751) by targeting deprecated IKEv1 protocols. This isn't just another vulnerability; it's a stark reminder that legacy configurations are\u2026\n\nhttps://www.tpp.blog/1xzskh3\n\n#cybersecurity #checkpoint #qilinransomware", "creation_timestamp": "2026-06-08T14:14:06.811054Z"}, {"uuid": "63d64942-9944-4fc1-8df7-be62899e611b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116714974585924640", "content": "New:\nCheck Point Security Advisory \u2013 Action Required \u2013 Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ \nMore:\nThe Hacker News: Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html @thehackernews #infosec #vulnerability #VPN", "creation_timestamp": "2026-06-08T14:32:58.223659Z"}, {"uuid": "18cc36f4-2ed8-4b3e-b86f-f8a2b32581e7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnrrswra7i2s", "content": "CVE-2026-50751 - User Authentication Bypass in VPN Remote Access and Mobile Access\nCVE ID : CVE-2026-50751\n \n Published : June 8, 2026, 12:16 p.m. | 16\u00a0minutes ago\n \n Description : A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IK...", "creation_timestamp": "2026-06-08T13:25:31.579491Z"}, {"uuid": "e6583362-ae63-4ed0-acc0-6b2439fc3be8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnrx4ohyb427", "content": "Check Point patched CVE-2026-50751, a critical VPN auth bypass used in zero-day attacks, and found CVE-2026-50752, an IKEv1 flaw tied to Qilin ransomware activity. #CheckPoint #Qilin #VPN", "creation_timestamp": "2026-06-08T15:00:32.623201Z"}, {"uuid": "c000efb6-db2f-4476-91aa-9730c0203532", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnryweklxu2f", "content": "CVE-2026-50751 in Check Point Remote Access/Mobile Access VPNs using IKEv1 lets attackers bypass password checks via a certificate validation flaw, with Qilin-linked activity observed.\n", "creation_timestamp": "2026-06-08T15:32:43.449065Z"}, {"uuid": "200954ed-f67a-41fa-a95c-aa2f9aab315e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://social.circl.lu/users/circl/statuses/116715192452841996", "content": "Checkpoint - User Authentication Bypass in VPN Remote Access and Mobile Access\n#checkpoint #vulnerabilitymanagement #vulnerability \nhttps://vulnerability.circl.lu/vuln/CVE-2026-50751", "creation_timestamp": "2026-06-08T15:28:22.683784Z"}, {"uuid": "9380716f-78ea-4d1d-8c53-9410bd448c0e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnrywb2eoi2n", "content": "CVE-2026-50751 enables unauthenticated attackers to bypass user authentication and establish VPN sessions on IKEv1-based Remote Access/Mobile Access deployments.\n", "creation_timestamp": "2026-06-08T15:32:41.249494Z"}, {"uuid": "6860b189-89f7-4bb6-81ef-50e1f3102824", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0179", "content": "Check Point heeft kwetsbaarheden verholpen in Remote and Mobile Access VPN-producten, specifiek voor implementaties die gebruikmaken van het IKEv1 key exchange protocol. Er zijn twee kwetsbaarheden vastgesteld in Check Point Security Gateways en Remote Access VPN-omgevingen die gebruikmaken van het verouderde IKEv1-protocol. De kwetsbaarheden CVE-2026-50751 en CVE-2026-50752 treffen VPN-authenticatie en certificaatvalidatie. Deze kwetsbaarheden stellen aanvallers in staat om zonder geldige authenticatie toegang te verkrijgen tot VPN-omgevingen.\n\nDe kwetsbaarheid CVE-2026-50751 is als zero-day misbruikt. Volgens Check Point zou in \u00e9\u00e9n geval ook ransomware zijn geplaatst na dit misbruik. Het eerste gedetecteerde misbruik dateert van 7 mei. Het IKEv1-protocol is een verouderd protocol dat nog wel wordt gebruikt bij dit soort implementaties. Het NCSC-NL verwacht dat er op korte termijn grootschalig misbruik zal plaatsvinden en roept organisaties op om de advisory van Check Point op te volgen. Ook roept het NCSC-NL organisaties op om de IoC\u2019s van Check Point te controleren als binnen de organisatie betreffende producten worden gebruikt waarin IKEv1 is ingeschakeld.\n IOCs\n45.77.149[.]152\n209.182.225[.]136\n38.60.157[.]139\n162.33.177[.]101\n45.76.26[.]42\n144.208.127[.]155\n38.54.88[.]201\n38.54.107[.]167\n66.42.99[.]200\n\n52fda5c1b9704544f32ee98d9060e689\n\n51d39aa39478beeac94f2d12f682ecce", "creation_timestamp": "2026-06-08T12:29:06.000000Z"}, {"uuid": "2b551f2c-101c-4422-9ae6-8bd9e6005a26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://www.cert.at/de/warnungen/2026/6/angriffe-gegen-checkpoint-vpn-losungen-hotfix-verfugbar", "content": "08.06.2026\n\nBeschreibung\n\nCheckpoint warnt vor beobachteten Angriffen gegen die Produkte Checkpoint Security Gateway und Checkpoint Spark Firewall. \n\nAuswirkungen\n\nDie zugrunde liegende Sicherheitslücke CVE-2026-50751 erlaubt unbefugten Zugriff auf das VPN.\n\nBetroffene Systeme\n\nFolgende Systeme sind von der Sicherheitslücke betroffen, sofern IKEv1 aktiviert ist:\n\n\n\nSecurity Gateways:\n\n\n\nR82.10 Jumbo Hotfix Take 19 or below\n\nR82 Jumbo Hotfix Take 103 or below\n\nR81.20 Jumbo Hotfix Take 141 or below\n\nR81.10 (EOS)\n\nR81 (EOS)\n\nR80.40 (EOS)\n\n\n\nSpark Firewalls:\n\n\n\nR80.20.X (EOS),\n\nR81.10.X,\n\nR82.00.X \n\n\n\n\nAbhilfe\n\nCheckpoint stellt für die unterschiedlichen Produkte Hotfixes bereit.\n\nIm Advisory finden sich weiters auch Tipps zur Suche nach bereits erfolten Angriffen sowie mitigierende Maßnahmen.\n\nSollten sich in ihren Systemen Hinweise auf eine bereits erfolgte Kompromittierung zeigen bitten wir Sie mit uns Kontakt aufzunehmen.\n\nHinweis\n\nGenerell empfiehlt CERT.at, wo möglich die \"automatisches Update\"-Features von Software zu nutzen, parallel Firewall-Software aktiv und den Virenschutz aktuell zu halten.\n\n\n\nInformationsquelle(n):\n\nCheckpoint Advisory zu CVE-2026-50571 Blog Artikel von Checkpoint zu den beobachteten Angriffen", "creation_timestamp": "2026-06-08T12:27:23.000000Z"}, {"uuid": "f7c9ca81-27f0-40ba-8473-507e312274cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mns32o2ljf24", "content": "~Cybergcca~\nCheck Point VPN authentication bypass (CVE-2026-50751) is under active exploitation.\n-\nIOCs: CVE-2026-50751\n-\n#CVE202650751 #CheckPoint #ThreatIntel", "creation_timestamp": "2026-06-08T16:10:55.869504Z"}, {"uuid": "419eac36-7a0a-4b3d-902f-709eac787bca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mns7pk42xt2n", "content": "A Qilin ransomware affiliate is exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN solutions, which affects configurations using the deprecated IKEv1 protocol. The first known attacks occurred in early May 2026, with suspicious activity noted on June 4, 2026.", "creation_timestamp": "2026-06-08T17:34:10.956624Z"}, {"uuid": "27a4fdf2-df7d-4bfb-ad96-4982e7ef101e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mnsafgat5z2o", "content": "Check Point VPN\u306eIKEv1\u8a2d\u5b9a\u3067\u3001\u8a8d\u8a3c\u306a\u3057\u306b\u8a3c\u660e\u66f8\u691c\u8a3c\u306e\u8106\u5f31\u6027(CVE-2026-50751)\u3092\u60aa\u7528\u3055\u308c\u3001\u30d1\u30b9\u30ef\u30fc\u30c9\u3092\u30d0\u30a4\u30d1\u30b9\u3055\u308c\u308b\u3002", "creation_timestamp": "2026-06-08T17:48:25.417310Z"}, {"uuid": "3f5d9904-1be2-462e-a9a3-27f91e531166", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50751", "type": "seen", "source": "https://bsky.app/profile/aegisbot.bsky.social/post/3mnsbhxq7w223", "content": "\ud83d\udea8 CISA KEV [CVSS 9.3 \u00b7 CRITICAL]\nCritical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)\n\nhttps://www.rapid7.com/blog/post/etr-critical-check-point-vpn-zero-day-exploited-in-the-wild-cve-2026-50751\n\n#CISA #KEV #PatchNow", "creation_timestamp": "2026-06-08T18:05:43.513329Z"}, {"uuid": "5344591e-c654-4dad-809e-67da8b83fe38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/stechtimes.com/post/3mnsbwvtkm52h", "content": "\ud83d\udee1\ufe0f Check Point VPN Exploitation Puts Legacy IKEv1 Access In The Ransomware Spotlight\n\nA critical Check Point VPN flaw, CVE-2026-50751, is being exploited against legacy IKEv1 remote-access configurations, with activity tied in one case to a\n\n#Cybersecurity #ThreatIntel\n\nLink card below.", "creation_timestamp": "2026-06-08T18:14:06.714992Z"}, {"uuid": "fcafb42c-6d7a-4ec1-8547-d5b0a05f6f4b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mnsd4umvom2n", "content": "CVE-2026-50751 in Check Point Remote Access VPN and Mobile Access was exploited by a Qilin affiliate to bypass authentication and create VPN sessions, now patched.\n", "creation_timestamp": "2026-06-08T18:35:19.236852Z"}, {"uuid": "4fd28484-3aad-41ba-975d-8f4a9958367c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6685896", "content": "2026-06-08: [CVE-2026-50751] Check Point Security Gateway Improper Authentication VulnerabilityCheck Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.\ncisakev", "creation_timestamp": "2026-06-08T20:34:07.804594Z"}, {"uuid": "200a790f-eae3-4ca3-bd08-5ee4ac6559d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mnskilvqhk2x", "content": "Check Point VPN Zero-Day (CVE-2026-50751): Hackers Bypass IKEv1 Passwords in Active Ransomware\u00a0Campaign\n\nIntroduction: The legacy IKEv1 key exchange protocol, still active in many enterprise remote-access VPNs, harbors a critical logic flow weakness. Tracked as CVE-2026-50751 with a near-maximum\u2026", "creation_timestamp": "2026-06-08T20:48:52.658575Z"}, {"uuid": "aeb7f170-b169-4a69-86ad-2ebfcf45741c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mnslikalsk2j", "content": "CVE-2026-50751: Check Point VPN Zero-Day Exploited by Qilin Affiliate; Patch Released June 8", "creation_timestamp": "2026-06-08T21:06:37.889444Z"}, {"uuid": "cee9a141-7a57-442d-9257-9315d868e989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mns5zz5mme2p", "content": "Check Point warns of active exploitation of CVE-2026-50751, a critical VPN authentication bypass vulnerability. The flaw affects Remote Access VPN [\u2026]", "creation_timestamp": "2026-06-08T17:04:14.157198Z"}, {"uuid": "96a70872-0f4f-4cd1-9014-be61e33f268c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/check-point-security-advisory-av26-559", "content": "", "creation_timestamp": "2026-06-08T07:24:19.000000Z"}, {"uuid": "ef6f2bb5-c830-4c6e-b672-281f8b2511ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116715644009315422", "content": "It is possible to see elevated activities targeting Check Point Quantum Security Gateway and Spark Firewalls (CVE-2026-50751) https://vuldb.com/vuln/369177/cti", "creation_timestamp": "2026-06-08T17:23:21.121929Z"}, {"uuid": "ab3f9941-394a-4240-97ef-dec38237de74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/rapid7.com/post/3mns76ik5lc2y", "content": "\ud83d\udea8 On 6/8/26, #CheckPoint published a security advisory for a critical vuln. affecting its Remote Access VPN, Mobile Access, and Spark Firewall products.\n\nCVE-2026-50751 allows an unauth. attacker to establish a VPN session without providing valid credentials. More: r-7.co/4fyoJJc", "creation_timestamp": "2026-06-08T17:24:55.702912Z"}, {"uuid": "5fe9d063-2189-4ed9-9b2b-c77c1a7255c3", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/ba636079-6682-4f8f-93e0-5668da7fd462", "content": "", "creation_timestamp": "2026-06-08T20:00:02.096952Z"}, {"uuid": "03c98b4c-db78-40fa-a258-b57f397b0631", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-50751", "type": "seen", "source": "https://social.tchncs.de/users/gborn/statuses/116716935635354751", "content": "In Check Point Firewalls und Gateways gibt es zwei Schwachstellen, von denen eine angegriffen wird (Qilin). Es gibt aber Patches und Gegenma\u00dfnahmen.\nhttps://borncity.com/blog/2026/06/08/schwachstelle-cve-2026-50751-bei-check-point-vpn/", "creation_timestamp": "2026-06-08T22:51:44.891602Z"}, {"uuid": "cf2099d1-574c-42c5-a619-6db621e74b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html", "content": "Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.\n\nThe vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user", "creation_timestamp": "2026-06-08T12:17:39.000000Z"}, {"uuid": "0807e31f-ee2d-438e-911e-03168ea935ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnt5okxrpl2a", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 137 interactions\nCVE-2015-5119: 20 interactions\nCVE-2020-0601: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-50751: 6 interactions\nCVE-2025-8088: 5 interactions\nCVE-2026-50131: 5 interactions\n", "creation_timestamp": "2026-06-09T02:30:30.519105Z"}, {"uuid": "3c2cb537-c2f1-4a1e-bbb0-9caa5c575edb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mnssre2myj2e", "content": "Check Point says CVE-2026-50751 is actively exploited to bypass auth in deprecated IKEv1 VPN setups, affecting Remote Access and Mobile Access deployments. CVE-2026-50752 may enable AitM attacks. #CheckPoint #Qilin #VPN", "creation_timestamp": "2026-06-08T23:15:12.475716Z"}, {"uuid": "9e96a631-c2f3-4281-802a-e4572fa4fc56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mnswgbpvs62y", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u60272\u4ef6\u3092\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds Two Known Exploited Vulnerabilities to Catalog  #CISA (Jun 8)\n\nCVE-2026-42271 BerriAI LiteLLM \u30b3\u30de\u30f3\u30c9\u30a4\u30f3\u30b8\u30a7\u30af\u30b7\u30e7\u30f3\u306e\u8106\u5f31\u6027\nCVE-2026-50751 Check Point Security Gateway\u306e\u8a8d\u8a3c\u30a8\u30e9\u30fc\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-06-09T00:20:35.646314Z"}, {"uuid": "ea1a339f-ab2c-4922-942c-c6a306c03dfc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mnswozfx5w2c", "content": "Qilin\u30e9\u30f3\u30b5\u30e0\u30a6\u30a7\u30a2\u95a2\u9023\u7d44\u7e54\u304cCheck Point VPN\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\uff08CVE-2026-50751\uff09\u3092\u60aa\u7528 \n\nQilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)  #HelpNetSecurity (Jun 8)\n\nwww.helpnetsecurity.com/2026/06/08/c...", "creation_timestamp": "2026-06-09T00:25:29.122307Z"}, {"uuid": "a13467b8-1139-4d6d-9484-a84cbaec24ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnsynws6lk2u", "content": "\ud83d\udd34 CVE-2026-50751 - Critical (9.3)\n\nA logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKE...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-50751/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-09T01:00:40.769696Z"}, {"uuid": "50065658-5639-42cc-8a99-3d42286a8ab9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mntddp2duc2h", "content": "Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)\n\nA Qilin ransomware affiliate is believed to be exploiting CVE-2026-50751, an authentication bypass vulnerability in Check Point VPN Remote Access and Mobile Access, the company announced on Monday. Abo\u2026\n#hackernews #news", "creation_timestamp": "2026-06-09T04:11:48.224295Z"}, {"uuid": "fffc13ab-f757-4d28-ad4f-1ad8befc0945", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-50751", "type": "seen", "source": "https://gist.github.com/alon710/d5e17169de3d451d7d6cd197f2a5e3cc", "content": "# CVE-2026-50751: CVE-2026-50751: Authentication Bypass in Check Point Security Gateway IKEv1 Legacy Validation\n\n> **CVSS Score:** 9.3\n> **Published:** 2026-06-08\n> **Full Report:** https://cvereports.com/reports/CVE-2026-50751\n\n## Summary\nAn improper authentication vulnerability (CWE-287) exists in the legacy, deprecated Internet Key Exchange version 1 (IKEv1) key exchange protocol implementation in Check Point Security Gateways. The vulnerability is caused by a logic flow weakness during the certificate validation process for Remote Access VPN and Mobile Access (SSL VPN) connections. An unauthenticated remote attacker can exploit this weakness to bypass user authentication entirely, establishing a fully functional Remote Access VPN connection without a valid password.\n\n## TL;DR\nA logic flow weakness in Check Point Security Gateway IKEv1 certificate validation allows unauthenticated remote attackers to bypass authentication and establish Remote Access VPN tunnels without user passwords.\n\n## Exploit Status: ACTIVE\n\n## Technical Details\n\n- **CWE ID**: CWE-287\n- **Attack Vector**: Network (AV:N)\n- **CVSS Severity**: 9.3 (Critical)\n- **EPSS Score**: 0.00010 (Percentile: 1.23%)\n- **Exploit Status**: Active exploitation in-the-wild\n- **CISA KEV Status**: Listed (June 8, 2026)\n- **Primary Threat Actor**: Qilin Ransomware Affiliates\n\n## Affected Systems\n\n- Check Point Quantum Security Gateways\n- Check Point Maestro Orchestrators\n- Check Point Security Groups\n- Check Point Spark Firewalls\n- **Quantum Security Gateway / Maestro Orchestrator**: <= R82.10 Take 19 (Fixed in: `R82.10 Take 19 with Hotfix`)\n- **Quantum Security Gateway / Maestro Orchestrator**: <= R82 Take 103 (Fixed in: `R82 Take 103 with Hotfix`)\n- **Quantum Security Gateway / Maestro Orchestrator**: <= R81.20 Take 141 (Fixed in: `R81.20 Take 141 with Hotfix`)\n- **Spark Firewalls (Gaia Embedded)**: R82.00.X (Fixed in: `R82.00.10 Build 998002216`)\n- **Spark Firewalls (Gaia Embedded)**: R81.10.X (Fixed in: `R81.10.17 Build 996004901`)\n\n## Mitigation\n\n- Disable support for legacy Remote Access clients\n- Restrict connections to the IKEv2 protocol only\n- Enforce mandatory machine certificate authentication\n\n**Remediation Steps:**\n1. Open SmartConsole and navigate to Security Gateway properties -> VPN Clients -> Authentication.\n2. Uncheck 'Allow older clients to connect to this gateway' and install the policy.\n3. For IKEv2-only restriction: Open Global Properties -> Remote Access -> VPN Authentication, and check 'IKEv2 only'.\n4. Deploy vendor-supplied hotfixes (R82.10 Take 19, R82 Take 103, or R81.20 Take 141) as soon as possible.\n\n## References\n\n- [Check Point Support Portal Advisory (sk185033)](https://support.checkpoint.com/results/sk/sk185033)\n- [Check Point Official Security Blog Post](https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/)\n- [CISA Known Exploited Vulnerabilities Catalog Search](https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751)\n- [CVE.org Authority Record](https://www.cve.org/CVERecord?id=CVE-2026-50751)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-50751) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-09T04:41:47.000000Z"}]}