logo

CVE-2026-50751: Check Point VPN Authentication Bypass Exploited in Targeted Attacks

ID: b3144470-9cf1-539d-8d1c-bce9727716ec

STIX ID: report--b3144470-9cf1-539d-8d1c-bce9727716ec

Feed Name: SOC Prime Blog

Threat Score
78/100

Date Published: 2026-06-09

Date Updated: 2026-06-10

Author: SOC Prime Team

...
...

CVE-2026-50751 is a critical authentication-bypass in Check Point Remote Access VPN/Mobile Access that, when IKEv1 and legacy client support are enabled without machine-certificate requirements, allows unauthenticated attackers to establish VPN sessions; public reports confirm limited active exploitation since May 7, 2026 with post-compromise activity (Rclone exfiltration, ELF downloads) and at least one case linked to a Qilin ransomware affiliate, and vendors recommend patching, disabling IKEv1, removing legacy client support, and performing forensic log audits.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.