CVE-2026-50751

June 9, 2026, 6:30 p.m.

9.3
Critical

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Product(s) Impacted

Vendor Product Versions
Checkpoint
  • Gaia Os
  • Gaia Embedded
  • Quantum Spark 1530
  • Quantum Spark 1550
  • Quantum Spark 1570
  • Quantum Spark 1570r
  • Quantum Spark 1590
  • Quantum Spark 1595r
  • Quantum Spark 1600
  • Quantum Spark 1800
  • Quantum Spark 1900
  • Quantum Spark 2000
  • Quantum Spark 1535
  • Quantum Spark 1555
  • Quantum Spark 1575
  • Quantum Spark 1575r
  • Quantum Spark 2530
  • Quantum Spark 2550
  • Quantum Spark 2560
  • Quantum Spark 2570
  • Quantum Spark 2580
  • Quantum Spark 2590
  • *, r81.20, r82, r82.10
  • *, r81.10.17, r82.00.10
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -
  • -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-287
Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

*CPE(s)

Affected systems and software identified for this CVE.

Type Vendor Product Version Update Edition Language Software Edition Target Software Target Hardware Other Information
o checkpoint gaia_os / / / / / / / /
o checkpoint gaia_os r81.20 - / / / / / /
o checkpoint gaia_os r81.20 take_10 / / / / / /
o checkpoint gaia_os r81.20 take_101 / / / / / /
o checkpoint gaia_os r81.20 take_103 / / / / / /
o checkpoint gaia_os r81.20 take_105 / / / / / /
o checkpoint gaia_os r81.20 take_111 / / / / / /
o checkpoint gaia_os r81.20 take_113 / / / / / /
o checkpoint gaia_os r81.20 take_115 / / / / / /
o checkpoint gaia_os r81.20 take_118 / / / / / /
o checkpoint gaia_os r81.20 take_119 / / / / / /
o checkpoint gaia_os r81.20 take_120 / / / / / /
o checkpoint gaia_os r81.20 take_122 / / / / / /
o checkpoint gaia_os r81.20 take_126 / / / / / /
o checkpoint gaia_os r81.20 take_127 / / / / / /
o checkpoint gaia_os r81.20 take_14 / / / / / /
o checkpoint gaia_os r81.20 take_141 / / / / / /
o checkpoint gaia_os r81.20 take_24 / / / / / /
o checkpoint gaia_os r81.20 take_26 / / / / / /
o checkpoint gaia_os r81.20 take_38 / / / / / /
o checkpoint gaia_os r81.20 take_41 / / / / / /
o checkpoint gaia_os r81.20 take_43 / / / / / /
o checkpoint gaia_os r81.20 take_45 / / / / / /
o checkpoint gaia_os r81.20 take_53 / / / / / /
o checkpoint gaia_os r81.20 take_54 / / / / / /
o checkpoint gaia_os r81.20 take_65 / / / / / /
o checkpoint gaia_os r81.20 take_70 / / / / / /
o checkpoint gaia_os r81.20 take_76 / / / / / /
o checkpoint gaia_os r81.20 take_79 / / / / / /
o checkpoint gaia_os r81.20 take_8 / / / / / /
o checkpoint gaia_os r81.20 take_84 / / / / / /
o checkpoint gaia_os r81.20 take_89 / / / / / /
o checkpoint gaia_os r81.20 take_90 / / / / / /
o checkpoint gaia_os r81.20 take_92 / / / / / /
o checkpoint gaia_os r81.20 take_96 / / / / / /
o checkpoint gaia_os r81.20 take_98 / / / / / /
o checkpoint gaia_os r81.20 take_99 / / / / / /
o checkpoint gaia_os r82 - / / / / / /
o checkpoint gaia_os r82 take_10 / / / / / /
o checkpoint gaia_os r82 take_103 / / / / / /
o checkpoint gaia_os r82 take_12 / / / / / /
o checkpoint gaia_os r82 take_14 / / / / / /
o checkpoint gaia_os r82 take_18 / / / / / /
o checkpoint gaia_os r82 take_19 / / / / / /
o checkpoint gaia_os r82 take_25 / / / / / /
o checkpoint gaia_os r82 take_33 / / / / / /
o checkpoint gaia_os r82 take_34 / / / / / /
o checkpoint gaia_os r82 take_36 / / / / / /
o checkpoint gaia_os r82 take_39 / / / / / /
o checkpoint gaia_os r82 take_41 / / / / / /
o checkpoint gaia_os r82 take_43 / / / / / /
o checkpoint gaia_os r82 take_44 / / / / / /
o checkpoint gaia_os r82 take_60 / / / / / /
o checkpoint gaia_os r82 take_73 / / / / / /
o checkpoint gaia_os r82 take_91 / / / / / /
o checkpoint gaia_os r82.10 - / / / / / /
o checkpoint gaia_os r82.10 take_19 / / / / / /
o checkpoint gaia_os r82.10 take_6 / / / / / /
o checkpoint gaia_embedded / / / / / / / /
o checkpoint gaia_embedded r81.10.17 - / / / / / /
o checkpoint gaia_embedded r81.10.17 build_996004508 / / / / / /
o checkpoint gaia_embedded r81.10.17 build_996004620 / / / / / /
o checkpoint gaia_embedded r81.10.17 build_996004653 / / / / / /
o checkpoint gaia_embedded r81.10.17 build_996004721 / / / / / /
o checkpoint gaia_embedded r81.10.17 build_996004892 / / / / / /
h checkpoint quantum_spark_1530 - / / / / / / /
h checkpoint quantum_spark_1550 - / / / / / / /
h checkpoint quantum_spark_1570 - / / / / / / /
h checkpoint quantum_spark_1570r - / / / / / / /
h checkpoint quantum_spark_1590 - / / / / / / /
h checkpoint quantum_spark_1595r - / / / / / / /
h checkpoint quantum_spark_1600 - / / / / / / /
h checkpoint quantum_spark_1800 - / / / / / / /
h checkpoint quantum_spark_1900 - / / / / / / /
h checkpoint quantum_spark_2000 - / / / / / / /
o checkpoint gaia_embedded / / / / / / / /
o checkpoint gaia_embedded r82.00.10 - / / / / / /
o checkpoint gaia_embedded r82.00.10 build_998001559 / / / / / /
o checkpoint gaia_embedded r82.00.10 build_998001562 / / / / / /
o checkpoint gaia_embedded r82.00.10 build_998002110 / / / / / /
o checkpoint gaia_embedded r82.00.10 build_998002112 / / / / / /
o checkpoint gaia_embedded r82.00.10 build_998002133 / / / / / /
o checkpoint gaia_embedded r82.00.10 build_998002203 / / / / / /
h checkpoint quantum_spark_1535 - / / / / / / /
h checkpoint quantum_spark_1555 - / / / / / / /
h checkpoint quantum_spark_1575 - / / / / / / /
h checkpoint quantum_spark_1575r - / / / / / / /
h checkpoint quantum_spark_2530 - / / / / / / /
h checkpoint quantum_spark_2550 - / / / / / / /
h checkpoint quantum_spark_2560 - / / / / / / /
h checkpoint quantum_spark_2570 - / / / / / / /
h checkpoint quantum_spark_2580 - / / / / / / /
h checkpoint quantum_spark_2590 - / / / / / / /

References

https://support.checkpoint.com/results/sk/sk185033
https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751

Tags

[email protected]
CWE-287
2026-06-08
CVE-2026-50751

CVSS Score

9.3 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

    View Vector String

Timeline

Published: June 8, 2026, 12:16 p.m.
Last Modified: June 9, 2026, 6:30 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

[email protected]

Linked Attack Reports

Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751)

A critical authentication bypass vulnerability affecting Remote Access VPN and Mobile Access deployments has been actively exploited in the wild. The vulnerability exploits a logic flaw in certificate validation within the deprecated IKEv1 key exchange protocol, allowing attackers to establish VPN …
ransomware
qilin
active exploitation
CVE-2026-50751
CVE-2026-50752
2026-06-09
remote access vpn
vpn authentication bypass
Published: June 9, 2026
Linked vulnerabilities : CVE-2026-50751 (CVSS 9.3), CVE-2026-50752 (CVSS 7.4)
Downloadable IOCs: 7

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.