Summary
Check Point reports an actively exploited critical authentication bypass (CVE-2026-50751) in its VPN products that allows attackers to establish connections without passwords.
Take Action:
irst, check if your CheckPoint VPN and Mobile Access gateways use IKEv1 without machine certificate requirement. If yes, this is urgent, patch ASAP. If you can't patch right away, switch authentication to IKEv2 only, require machine certificates, and turn off support for legacy remote access clients. Then review your logs at least back to May 7, 2026 for signs of intrusion.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)