(TLP:CLEAR) Vulnerability Notification – Active Exploitation of Check Point VPN Authentication Bypass Vulnerability, CVE-2026-50751
Created: Wednesday, June 10, 2026 - 19:12
Categories: Cybersecurity, Security Preparedness
ACTION MAY BE REQUIRED for utilities using Check Point Remote Access VPN or Mobile Access deployments configured with the IKEv1 key exchange protocol. Utilities that outsource technology support may need to consult their service providers for assistance with remediation actions.
Summary: A critical authentication bypass vulnerability affecting Check Point Remote Access VPN and Mobile Access has been observed being actively exploited in the wild. Tracked as CVE-2026-50751, the vulnerability impacts deployments configured to use the deprecated IKEv1 key exchange protocol. Successful exploitation could allow a remote attacker to establish a VPN session without valid user credentials, effectively bypassing authentication controls.
A Qilin ransomware affiliate is believed to be actively exploiting this vulnerability.
While affected systems may be limited, the combination of a critical authentication bypass on an edge device, confirmed active exploitation, and observed ransomware-related activity makes this a high-priority patching item for any utility using Check Point VPN services configured with IKEv1. A successful authentication bypass could provide attackers with an initial foothold inside trusted network environments, potentially enabling lateral movement, credential theft, ransomware deployment, or access to systems that support OT environments.
WaterISAC strongly encourages members to address this vulnerability and update systems according to Check Point’s recommendations in its advisory, including:
- Apply the available Check Point security hotfix to affected gateways.
- Review VPN logs and authentication activity for signs of suspicious access dating back to May 7, 2026.
- Determine whether IKEv1 is enabled and migrate to more secure VPN protocols where feasible.
- Review Check Point’s indicators of compromise and remediation guidance.
Original Source: https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
Additional Reading:
- Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
- Qilin ransomware affiliate exploited Check Point VPN zero-day (CVE-2026-50751)
Related WaterISAC PIRs: 6, 6.1, 7, 8, 10, 10.2, 11, 12
