Skip to main content
All vulnerabilities
CVE-2026-50751 Known ransomware use CVSS 9.3

Check Point Security Gateway Improper Authentication Vulnerability

Check PointSecurity Gateway

Added to KEV catalog
8 June 2026
Federal remediation due date
11 June 2026
Weakness classification (CWE)
CWE-287

AI Breakdown

What it is

This vulnerability affects Check Point Security Gateway products, allowing an attacker to connect to your network through the VPN without knowing the correct password. It exploits a weakness in an older, less secure part of the system called IKEv1. This means an unauthorized person can gain remote access to your network.

Why it matters

This vulnerability is extremely severe because it allows unauthorized individuals to access your network as if they were legitimate users. Its critical importance is highlighted by its high severity score and the fact that it has already been used by ransomware groups in active attacks. This poses a direct and immediate threat to your organization's data and systems.

Recommended action

Immediately prioritize applying any available patches or mitigation steps provided by Check Point for this vulnerability. If no fixes or mitigations are available, you should urgently consider discontinuing the use of the affected product to protect your systems. Ensure your team follows any relevant CISA BOD 22-01 guidance, especially if cloud services are involved.

AI-generated from CISA and NVD data — treat as a starting point, not a substitute for your own risk assessment.

CISA Description

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes

https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ ; https://support.checkpoint.com/results/sk/sk185033?_gl=1*1wqeqhc*_gcl_au*MTI1MzE5MjI2LjE3ODA5MzQ1NTM. ; https://nvd.nist.gov/vuln/detail/CVE-2026-50751

NVD Technical Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services