Check Point warned that CVE-2026-50751 is a critical authentication bypass flaw in its VPN and firewall products that has been exploited in the wild as a zero-day since May 7. The company also disclosed CVE-2026-50752, a related certificate validation issue, and released hotfixes while CISA added CVE-2026-50751 to its KEV catalog. #CheckPoint #CVE-2026-50751 #CVE-2026-50752 #Qilin
Keypoints
- CVE-2026-50751 is a critical authentication bypass affecting Check Point VPN and firewall products.
- The flaw impacts deprecated IKEv1 certificate validation for Remote Access and Mobile Access.
- Attackers can establish VPN sessions without a valid password.
- Exploitation has been observed since May 7 and involved targeted organizations worldwide.
- Check Point also identified CVE-2026-50752 and released hotfixes and mitigation guidance.
Read More: https://www.securityweek.com/check-point-vpn-zero-day-exploited-in-qilin-ransomware-attacks/