CVE-2026-50751

Awaiting Analysis
Published: 08 Jun 2026, 11:07
Last modified:09 Jun 2026, 03:55

Vulnerability Summary

Overall Risk (default)
high
70/100
CVSS Score
9.3 CRITICAL
v3.1 (cve.org)
EPSS Score
17.69% MEDIUM
18% probability +17.68%
KEV
Listed
CIRCL • CISA
2 listings
Ransomware
Known Use
Public exploits
None found
Dark Web
Not detected

Timeline

08 Jun 2026, 11:07
Published
Vulnerability first disclosed
08 Jun 2026, 00:00
Added to CIRCL KEV
Added to Known Exploited Vulnerabilities catalog
08 Jun 2026, 00:00
Added to CISA KEV
Check Point Security Gateway Improper Authentication Vulnerability
09 Jun 2026, 03:55
Last Modified
Vulnerability information updated
11 Jun 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

CVSS Metrics

  • v3.1CRITICALScore: 9.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

EPSS Trends

Current EPSS score: 17.69% Percentile: 95%

Techniques & Countermeasures

  • CWE-287Improper Authentication

    When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Systems

  • checkpointquantum security gateway

    R82.10 with Jumbo Hotfix Take 19 or below | R82 with Jumbo Hotfix Take 103 or below | R81.20 with Jumbo Hotfix Take 141 or below | R81.10, R81, and R80.40

  • checkpointspark firewalls

    R80.20.X, R81.10.X, and R82.00.X

References (3)