UPDATE: Check Point IKEv1 CVE-2026-50751 — public PoC raises exploitation risk

UPDATE (originally covered 2026-06-09): NCSC-NL updated its advisory (NCSC-2026-0179, version 1.0.1) on 2026-06-16 to note that public proof-of-concept code is now available for the Check Point Security Gateway IKEv1 authentication bypass (CVE-2026-50751, CVSS 9.3), increasing the probability of exploitation (NCSC-NL, 2026-06-16).

The flaw lets an unauthenticated client abuse the IKEv1 negotiation to bypass peer-signature verification and impersonate any VPN identity configured for certificate or mixed authentication (username/password-only configurations are not affected); the public PoC follows watchTowr's earlier technical analysis (Help Net Security, 2026-06-12). Apply the early-June Check Point hotfix; where feasible disable IKEv1 legacy mode or enforce mandatory machine-certificate authentication, which is not bypassable by this flaw.