CVE-2026-50751: Check Point VPN Authentication Bypass Exploited in Targeted Attacks
ID: b3144470-9cf1-539d-8d1c-bce9727716ec
STIX ID: report--b3144470-9cf1-539d-8d1c-bce9727716ec
Feed Name: SOC Prime Blog
CVE-2026-50751 is a critical authentication-bypass in Check Point Remote Access VPN/Mobile Access that, when IKEv1 and legacy client support are enabled without machine-certificate requirements, allows unauthenticated attackers to establish VPN sessions; public reports confirm limited active exploitation since May 7, 2026 with post-compromise activity (Rclone exfiltration, ELF downloads) and at least one case linked to a Qilin ransomware affiliate, and vendors recommend patching, disabling IKEv1, removing legacy client support, and performing forensic log audits.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
