Home · Live brief · Daily brief 2026-06-17
Check Point IKEv1 CVE-2026-50751 — public PoC raises exploitation risk
Entities: Check Point
Part of run 2026-06-17-e102009c (intel · unknown)
UPDATE — originally covered CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass, actively exploited by a Qilin affiliate (2026-06-09)
UPDATE (originally covered 2026-06-09): NCSC-NL updated its advisory (NCSC-2026-0179, version 1.0.1) on 2026-06-16 to note that public proof-of-concept code is now available for the Check Point Security Gateway IKEv1 authentication bypass (CVE-2026-50751, CVSS 9.3), increasing the probability of exploitation (NCSC-NL, 2026-06-16).
The flaw lets an unauthenticated client abuse the IKEv1 negotiation to bypass peer-signature verification and impersonate any VPN identity configured for certificate or mixed authentication (username/password-only configurations are not affected); the public PoC follows watchTowr's earlier technical analysis (Help Net Security, 2026-06-12). Apply the early-June Check Point hotfix; where feasible disable IKEv1 legacy mode or enforce mandatory machine-certificate authentication, which is not bypassable by this flaw.
Action items
- For Check Point gateways, apply the early-June hotfix and prefer machine-certificate auth or disable IKEv1 legacy mode now that a CVE-2026-50751 PoC is public (§ 4).