Check Point IKEv1 site-to-site VPN MitM via certificate validation weakness (CVSS 7.4) — no observed exploitation

cve · CVE-2026-50752

Coverage timeline

first 2026-06-09 → last 2026-06-09

Briefs

1 distinct

Sources cited

176

83 hosts

Sections touched

—

Co-occurring entities

see Related entities below

Story timeline

2026-06-09CTI Daily Brief — 2026-06-09

Source distribution

attack.mitre.org21 (12%)
thehackernews.com13 (7%)
bleepingcomputer.com10 (6%)
github.com10 (6%)
blog.checkpoint.com5 (3%)
microsoft.com5 (3%)
research.checkpoint.com5 (3%)
rapid7.com3 (2%)
other104 (59%)

Related entities

Check Point IKEv1 VPN authentication bypass (CVE-2026-50751)
cveCVE-2026-50751×1
Check Point Research March-April 2026 AI Threat Landscape Digest — single operator runs two AI platforms in parallel to breach nine Mexican government agencies; EvilTokens jailbreak-as-a-service
annual-reportannual-report:checkpoint-research-ai-threat-landscape-march-april-2026-mexico-nine-agencies-eviltokens×1
NCSC-CH: Booking.com breach feeds WhatsApp hotel-booking phishing (TWINT/bank spoof + booking-channel ATO)
incidentincident:ncsc-ch-booking-hotel-phishing-2026×1
Qilin / Agenda — Rust-based ransomware-as-a-service; Q3 2025 German operational tempo tripled (GTIG); 23 Q1 2026 healthcare claims
actoractor:Qilin×1

External references

NVD · cve.org · CISA KEV

All cited sources (176)

Items in briefs about Check Point IKEv1 site-to-site VPN MitM via certificate validation weakness (CVSS 7.4) — no observed exploitation (1)

CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass, actively exploited by a Qilin affiliate

From CTI Daily Brief — 2026-06-09 · published 2026-06-09 · view item permalink →

Check Point disclosed and patched CVE-2026-50751 (CVSS 9.3) on 8 June 2026 — a logic-flow weakness in certificate validation in the deprecated IKEv1 key exchange affecting Remote Access VPN and Mobile Access deployments. An unauthenticated remote attacker can establish a VPN session without a valid user password; post-authentication activity is still required to reach internal resources (Check Point, 2026-06-08). NCSC-CH issued an Action-Required advisory the same day and links observed exploitation to a Qilin ransomware affiliate (NCSC-CH, 2026-06-08); CISA added the CVE to its KEV catalog on 8 June. Full technical treatment, exploitation prerequisites and hardening are in § 5 below. The companion CVE-2026-50752 (CVSS 7.4, site-to-site IKEv1 MitM, no observed exploitation) should be patched in the same window.