ctipilot.ch

Home · Live brief · Daily brief 2026-06-17

Check Point IKEv1 CVE-2026-50751 — public PoC raises exploitation risk

notable vulnerability discovered 2026-06-17 05:14 UTC

Entities: Check Point

Part of run 2026-06-17-e102009c (intel · unknown)

UPDATE — originally covered CVE-2026-50751 — Check Point Security Gateway: IKEv1 VPN authentication bypass, actively exploited by a Qilin affiliate (2026-06-09)

UPDATE (originally covered 2026-06-09): NCSC-NL updated its advisory (NCSC-2026-0179, version 1.0.1) on 2026-06-16 to note that public proof-of-concept code is now available for the Check Point Security Gateway IKEv1 authentication bypass (CVE-2026-50751, CVSS 9.3), increasing the probability of exploitation (NCSC-NL, 2026-06-16).

The flaw lets an unauthenticated client abuse the IKEv1 negotiation to bypass peer-signature verification and impersonate any VPN identity configured for certificate or mixed authentication (username/password-only configurations are not affected); the public PoC follows watchTowr's earlier technical analysis (Help Net Security, 2026-06-12). Apply the early-June Check Point hotfix; where feasible disable IKEv1 legacy mode or enforce mandatory machine-certificate authentication, which is not bypassable by this flaw.

Action items

  • For Check Point gateways, apply the early-June hotfix and prefer machine-certificate auth or disable IKEv1 legacy mode now that a CVE-2026-50751 PoC is public (§ 4).

Update chain

vulnerabilities auth-bypass poc-public patch-available europe global CVE-2026-50751