Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability affecting Remote Access VPN and Mobile Access deployments configured with the deprecated IKEv1 key exchange protocol. Tracked as CVE-2026-50751 with a CVSS score of 9.3, the flaw is a logic flow weakness in certificate validation that enables an unauthenticated remote attacker to bypass user passwords. This means an attacker can gain unauthorized access to VPN connections without valid credentials. The vulnerability is being actively exploited in the wild, prompting urgent calls for patching. Check Point has released security updates to address the issue. Organizations using affected configurations should prioritize applying patches to prevent potential breaches. The advisory underscores the risks of using deprecated protocols and the importance of timely vulnerability management.
Unpatched VPNs risk unauthorized access via password bypass, compromising network security.