CISA issued an emergency directive for CVE-2026-50751, a CVSS 9.3 authentication bypass in Check Point Remote Access VPN that was actively exploited weeks before disclosure. Qilin ransomware affiliates used the flaw to breach dozens of organizations by abusing IKEv1-enabled VPN gateways for authenticated access, exfiltration, and command-and-control. #CVE-2026-50751 #CheckPoint #CISA #Qilin #IKEv1
Keypoints
- CVE-2026-50751 enabled remote authentication bypass in Check Point Remote Access VPN.
- Exploitation began in early May, weeks before the June 8 disclosure.
- Qilin ransomware affiliates used the flaw against organizations worldwide.
- Attackers used Rclone for exfiltration and Tox for command-and-control.
- The incident shows the risk of perimeter trust when VPN gateways become attack vectors.
Read More: https://cyberscoop.com/why-security-patching-is-not-enough-cve-2026-50751-op-ed/