CVE Catalog

CVE-2026-50752

HighCVSS 7.4
Published: Updated: Translated: NVD NIST

Summary

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication.

Risk Assessment

Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel, posing a serious threat to the organization's data security.

Recommendation

It is recommended to avoid using IKEv1 and transition to newer key exchange protocols that offer better security. Regularly update systems and monitor VPN traffic for potential attacks.

Original NVD description (English source)

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS