CVE Reports

Originally published at cvereports.com

CVE-2026-50751: Authentication Bypass in Check Point Security Gateway IKEv1 Legacy Validation

Vulnerability ID: CVE-2026-50751
CVSS Score: 9.3
Published: 2026-06-08

An improper authentication vulnerability (CWE-287) exists in the legacy, deprecated Internet Key Exchange version 1 (IKEv1) key exchange protocol implementation in Check Point Security Gateways. The vulnerability is caused by a logic flow weakness during the certificate validation process for Remote Access VPN and Mobile Access (SSL VPN) connections. An unauthenticated remote attacker can exploit this weakness to bypass user authentication entirely, establishing a fully functional Remote Access VPN connection without a valid password.

TL;DR

A logic flow weakness in Check Point Security Gateway IKEv1 certificate validation allows unauthenticated remote attackers to bypass authentication and establish Remote Access VPN tunnels without user passwords.


⚠️ Exploit Status: ACTIVE

Technical Details

  • CWE ID: CWE-287
  • Attack Vector: Network (AV:N)
  • CVSS Severity: 9.3 (Critical)
  • EPSS Score: 0.00010 (Percentile: 1.23%)
  • Exploit Status: Active exploitation in-the-wild
  • CISA KEV Status: Listed (June 8, 2026)
  • Primary Threat Actor: Qilin Ransomware Affiliates

Affected Systems

  • Check Point Quantum Security Gateways
  • Check Point Maestro Orchestrators
  • Check Point Security Groups
  • Check Point Spark Firewalls
  • Quantum Security Gateway / Maestro Orchestrator: <= R82.10 Take 19 (Fixed in: R82.10 Take 19 with Hotfix)
  • Quantum Security Gateway / Maestro Orchestrator: <= R82 Take 103 (Fixed in: R82 Take 103 with Hotfix)
  • Quantum Security Gateway / Maestro Orchestrator: <= R81.20 Take 141 (Fixed in: R81.20 Take 141 with Hotfix)
  • Spark Firewalls (Gaia Embedded): R82.00.X (Fixed in: R82.00.10 Build 998002216)
  • Spark Firewalls (Gaia Embedded): R81.10.X (Fixed in: R81.10.17 Build 996004901)

Mitigation Strategies

  • Disable support for legacy Remote Access clients
  • Restrict connections to the IKEv2 protocol only
  • Enforce mandatory machine certificate authentication

Remediation Steps:

  1. Open SmartConsole and navigate to Security Gateway properties -> VPN Clients -> Authentication.
  2. Uncheck 'Allow older clients to connect to this gateway' and install the policy.
  3. For IKEv2-only restriction: Open Global Properties -> Remote Access -> VPN Authentication, and check 'IKEv2 only'.
  4. Deploy vendor-supplied hotfixes (R82.10 Take 19, R82 Take 103, or R81.20 Take 141) as soon as possible.
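
To confirm that the IKEv2-only restriction from the steps above has taken effect, UDP payloads captured on ports 500 and 4500 in front of the gateway can be classified by the version field of the IKE header. The following is an added example, not code from the original report or from Check Point; it assumes the UDP payloads have already been extracted from a capture, and the sample packets and addresses are constructed.

```python
import struct

# IKE/ISAKMP fixed header (RFC 2408 / RFC 7296): two 8-byte SPIs, next payload,
# version (major nibble, minor nibble), exchange type, flags, message ID, length.
HEADER = struct.Struct("!8s8sBBBBII")
IKEV1_EXCHANGES = {2: "Main Mode", 4: "Aggressive Mode", 5: "Informational", 32: "Quick Mode"}
IKEV2_EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}

def classify_ike(udp_payload: bytes, port: int):
    """Return (major_version, exchange_name) for an IKE datagram, or None."""
    data = udp_payload
    if port == 4500:
        # NAT-T: IKE is prefixed with a 4-byte zero non-ESP marker; anything
        # else on 4500 is ESP or a 1-byte keepalive, not IKE.
        if len(data) < 4 or data[:4] != b"\x00\x00\x00\x00":
            return None
        data = data[4:]
    if len(data) < HEADER.size:
        return None
    _, _, _, version, exchange, _, _, length = HEADER.unpack_from(data)
    major = version >> 4
    if major not in (1, 2) or length < HEADER.size:
        return None
    names = IKEV1_EXCHANGES if major == 1 else IKEV2_EXCHANGES
    return major, names.get(exchange, f"exchange {exchange}")

def ikev1_sessions(packets):
    """Yield (src, exchange) for each IKEv1 datagram in (src, port, payload) tuples."""
    for src, port, payload in packets:
        result = classify_ike(payload, port)
        if result and result[0] == 1:
            yield src, result[1]

def _hdr(version, exchange):
    # Constructed sample: header only, zero responder SPI, length = header size.
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, 0, version, exchange, 0, 0, HEADER.size)

# Constructed sample traffic (documentation addresses from RFC 5737).
SAMPLE = [
    ("192.0.2.10", 500, _hdr(0x20, 34)),                        # IKEv2 IKE_SA_INIT
    ("198.51.100.7", 500, _hdr(0x10, 2)),                       # IKEv1 Main Mode
    ("203.0.113.5", 4500, b"\x00" * 4 + _hdr(0x10, 4)),         # IKEv1 Aggressive, NAT-T
    ("192.0.2.10", 4500, b"\xde\xad\xbe\xef" + b"\x00" * 40),   # ESP, not IKE
    ("192.0.2.10", 4500, b"\xff"),                              # NAT keepalive
]

if __name__ == "__main__":
    for src, exchange in ikev1_sessions(SAMPLE):
        print(f"IKEv1 still negotiated: {src} ({exchange})")
```

Any IKEv1 exchange that completes after the policy is installed indicates the restriction is not in force on that gateway.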

Read the full report for CVE-2026-50751 on our website for more details including interactive diagrams and full exploit analysis.
