Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek .
AI Analysis
Technical Summary
CVE-2026-50751 is a critical authentication bypass vulnerability in Check Point VPN and firewall products caused by a logic flow weakness in the validation process of Remote Access and Mobile Access certificates within the deprecated IKEv1 key exchange. This flaw allows remote attackers to establish VPN sessions without a valid password. Exploitation has been observed in the wild since May 7, 2026, with increasing activity in early June, targeting a limited number of organizations globally. At least one confirmed attack was linked to a Qilin ransomware affiliate. Additionally, a second related vulnerability (CVE-2026-50752) enables man-in-the-middle attacks on VPN site-to-site connections but has not been exploited in the wild. Check Point has issued hotfixes to remediate both vulnerabilities and provided indicators of compromise and mitigation guidance. The US Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2026-50751 in its Known Exploited Vulnerabilities catalog, recommending patching by June 11, 2026.
Potential Impact
The vulnerability allows attackers to bypass authentication and establish VPN connections without valid credentials, potentially granting unauthorized network access. Exploitation has been linked to ransomware attacks by the financially motivated Qilin ransomware affiliate. The flaw affects remote access and mobile access VPN sessions, increasing the risk of unauthorized access and subsequent malicious activity within targeted organizations. The related man-in-the-middle vulnerability (CVE-2026-50752) could compromise VPN site-to-site communications if exploited, though no exploitation has been observed to date.
Mitigation Recommendations
Check Point has released official hotfixes addressing CVE-2026-50751 and CVE-2026-50752 for affected appliances. Organizations should apply these hotfixes promptly. The US CISA has included CVE-2026-50751 in its Known Exploited Vulnerabilities catalog and recommends patching by June 11, 2026. Follow Check Point's published indicators of compromise and mitigation guidance. No alternative mitigations or workarounds are specified beyond applying the vendor-provided hotfixes.
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks
Description
The authentication bypass vulnerability allows attackers to establish VPN connections without a valid password. The post Check Point VPN Zero-Day Exploited in Qilin Ransomware Attacks appeared first on SecurityWeek .
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-50751 is a critical authentication bypass vulnerability in Check Point VPN and firewall products caused by a logic flow weakness in the validation process of Remote Access and Mobile Access certificates within the deprecated IKEv1 key exchange. This flaw allows remote attackers to establish VPN sessions without a valid password. Exploitation has been observed in the wild since May 7, 2026, with increasing activity in early June, targeting a limited number of organizations globally. At least one confirmed attack was linked to a Qilin ransomware affiliate. Additionally, a second related vulnerability (CVE-2026-50752) enables man-in-the-middle attacks on VPN site-to-site connections but has not been exploited in the wild. Check Point has issued hotfixes to remediate both vulnerabilities and provided indicators of compromise and mitigation guidance. The US Cybersecurity and Infrastructure Security Agency (CISA) has listed CVE-2026-50751 in its Known Exploited Vulnerabilities catalog, recommending patching by June 11, 2026.
Potential Impact
The vulnerability allows attackers to bypass authentication and establish VPN connections without valid credentials, potentially granting unauthorized network access. Exploitation has been linked to ransomware attacks by the financially motivated Qilin ransomware affiliate. The flaw affects remote access and mobile access VPN sessions, increasing the risk of unauthorized access and subsequent malicious activity within targeted organizations. The related man-in-the-middle vulnerability (CVE-2026-50752) could compromise VPN site-to-site communications if exploited, though no exploitation has been observed to date.
Mitigation Recommendations
Check Point has released official hotfixes addressing CVE-2026-50751 and CVE-2026-50752 for affected appliances. Organizations should apply these hotfixes promptly. The US CISA has included CVE-2026-50751 in its Known Exploited Vulnerabilities catalog and recommends patching by June 11, 2026. Follow Check Point's published indicators of compromise and mitigation guidance. No alternative mitigations or workarounds are specified beyond applying the vendor-provided hotfixes.
Technical Details
- Article Source
- {"url":"https://www.securityweek.com/check-point-vpn-zero-day-exploited-in-qilin-ransomware-attacks/","fetched":true,"fetchedAt":"2026-06-09T09:55:43.330Z","wordCount":988}
Threat ID: 6a27e31f8dd33fbd85125a52
Added to database: 6/9/2026, 9:55:43 AM
Last enriched: 6/9/2026, 9:55:51 AM
Last updated: 6/10/2026, 5:04:42 AM
Views: 13
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.