CVE-2026-50752
HighCVSS 7.4Summary
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication.
Risk Assessment
Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel, posing a serious threat to the organization's data security.
Recommendation
It is recommended to avoid using IKEv1 and transition to newer key exchange protocols that offer better security. Regularly update systems and monitor VPN traffic for potential attacks.
Original NVD description (English source)
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

