A critical authentication bypass vulnerability in Check Point's Remote Access VPN and Mobile Access deployments, tracked as CVE-2026-50751, was exploited by attackers, including ransomware groups, for a month before a fix was released. The first attacks were detected on May 7, with activity increasing in early June. Check Point began investigating the zero-day on June 4, after suspicious activity was spotted. Although exploitation is believed to have been limited, the disclosure of CVE-2026-50751 expands the active attack surface, making it essential for organizations to prioritize mitigation based on their exposure and evidence of exploitation. The emergency fix, released on Monday, addresses the vulnerability, but the attackers' month-long head start underscores the importance of prompt patching and continuous monitoring. For practitioners, the takeaway is to assess exposure to this vulnerability and act immediately to patch and protect affected systems.