ctipilot.ch

Home · Live brief · Weekly 2026-W24

CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass exploited by a Qilin affiliate

notable synthesis discovered 2026-06-14 23:57 UTC single-source

Entities: Check Point

Part of run 2026-W24-bd5a7519 (weekly · Claude Opus 4.8)

If you did nothing this week: a Remote Access VPN gateway running the deprecated IKEv1 path is an active ransomware entry point — a Qilin affiliate is using this bypass for initial access.

Check Point disclosed and patched CVE-2026-50751 (CVSS 9.3) on 8 June — a certificate-validation logic flaw in the deprecated IKEv1 key exchange affecting Remote Access VPN and Mobile Access on Security Gateway (Check Point; daily 06-09). The disclosure noted exploitation by a Qilin ransomware affiliate, which puts this firmly in the inaction-equals-incident column: VPN gateways are the front door, and a ransomware crew is already through it on unpatched IKEv1 deployments.

Apply the hotfix and, where operationally possible, disable IKEv1 entirely in favour of IKEv2 — the flaw lives in a protocol path most estates no longer need. Hunt for anomalous VPN session establishment without corresponding successful certificate validation and for new Remote Access sessions from unexpected geographies.

vulnerabilities actively-exploited auth-bypass ransomware global