CVE-2026-50751 is a critical authentication bypass vulnerability in Check Point Remote Access VPN and Mobile Access products that use the deprecated IKEv1 key exchange protocol. It permits unauthenticated, remote attackers to bypass authentication and establish VPN connections. Exploitation has been confirmed in the wild, including attacks linked to the Qilin ransomware gang. The vulnerability affects configurations that accept legacy Remote Access clients and do not require machine certificates. Check Point also identified CVE-2026-50752, a certificate validation flaw in IKEv1, which could facilitate man-in-the-middle attacks on site-to-site VPNs but has not been exploited yet. Check Point has released patches and recommends disabling IKEv1 in favor of IKEv2, enforcing machine certificate authentication, and enabling IPS protections.

Successful exploitation of CVE-2026-50751 allows unauthenticated remote attackers to bypass VPN authentication controls, potentially granting unauthorized remote access to internal networks. This has led to targeted attacks against a limited number of organizations globally, including confirmed post-compromise activity by the Qilin ransomware affiliate. CVE-2026-50752, if exploited, could enable man-in-the-middle attacks on site-to-site VPN connections, potentially compromising data confidentiality and integrity, though no exploitation has been observed to date.

Check Point has released official security updates that patch both CVE-2026-50751 and CVE-2026-50752. Customers are strongly advised to apply these updates immediately. For those unable to patch promptly, Check Point recommends removing support for legacy remote access clients, configuring Remote Access VPN Authentication to use IKEv2 only, making machine certificate authentication mandatory, and enabling IPS with updated signatures. These measures mitigate the vulnerabilities until patches can be applied.