CVE Catalog

Actively exploited in the wild

Check Point Security Gateway Improper Authentication Vulnerability

Check Point — Security Gateway · Listed in the CISA KEV since 2026-06-08. This indicates confirmed attacks in production environments.

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CVE-2026-50751

CriticalCVSS 9.3KEV
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Very high risk
11.84%

94th percentile — higher than 94% of all known CVEs

Summary

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Risk Assessment

An attacker could gain access to network resources without needing to provide a password, posing a serious security threat to the organization.

Recommendation

It is recommended to disable support for IKEv1 and implement stronger authentication methods to secure remote access.

Original NVD description (English source)

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS