A critical zero-day vulnerability, CVE-2026-50751, has been exploited in the wild, affecting Check Point's Remote Access VPN, Mobile Access, and Spark Firewall products that use the deprecated IKEv1 key exchange protocol. This authentication bypass vulnerability, with a CVSS score of 9.3, stems from a logic flow weakness and allows improper authentication1. The vulnerability is particularly concerning for deployments that accept legacy Remote Access clients without requiring a machine certificate for connections. Check Point published a security advisory on June 8, 2026, disclosing the vulnerability, which expands the active attack surface. As a result, practitioners should prioritize mitigation based on their exposure and evidence of exploitation. This vulnerability matters to security professionals because it highlights the need for urgent patching and migration to more secure protocols to prevent authentication bypass attacks.
Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
⚠️ Critical Alert
Why This Matters
CVE-2026-50751 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- Rapid7. (2026, June 8). Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751). Rapid7 Blog. https://www.rapid7.com/blog/post/etr-critical-check-point-vpn-zero-day-exploited-in-the-wild-cve-2026-50751
Original Source
Rapid7 Blog
Read original →