CVE-2026-50751 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	9.3 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Affected Products (NVD)

Vendor	Product	Version
checkpoint	gaia_os	r80.40 ≤ 𝑥 < r81.20
checkpoint	gaia_os	r81.20
checkpoint	gaia_os	r81.20:take_10
checkpoint	gaia_os	r81.20:take_101
checkpoint	gaia_os	r81.20:take_103
checkpoint	gaia_os	r81.20:take_105
checkpoint	gaia_os	r81.20:take_111
checkpoint	gaia_os	r81.20:take_113
checkpoint	gaia_os	r81.20:take_115
checkpoint	gaia_os	r81.20:take_118
checkpoint	gaia_os	r81.20:take_119
checkpoint	gaia_os	r81.20:take_120
checkpoint	gaia_os	r81.20:take_122
checkpoint	gaia_os	r81.20:take_126
checkpoint	gaia_os	r81.20:take_127
checkpoint	gaia_os	r81.20:take_14
checkpoint	gaia_os	r81.20:take_141
checkpoint	gaia_os	r81.20:take_24
checkpoint	gaia_os	r81.20:take_26
checkpoint	gaia_os	r81.20:take_38
checkpoint	gaia_os	r81.20:take_41
checkpoint	gaia_os	r81.20:take_43
checkpoint	gaia_os	r81.20:take_45
checkpoint	gaia_os	r81.20:take_53
checkpoint	gaia_os	r81.20:take_54
checkpoint	gaia_os	r81.20:take_65
checkpoint	gaia_os	r81.20:take_70
checkpoint	gaia_os	r81.20:take_76
checkpoint	gaia_os	r81.20:take_79
checkpoint	gaia_os	r81.20:take_8
checkpoint	gaia_os	r81.20:take_84
checkpoint	gaia_os	r81.20:take_89
checkpoint	gaia_os	r81.20:take_90
checkpoint	gaia_os	r81.20:take_92
checkpoint	gaia_os	r81.20:take_96
checkpoint	gaia_os	r81.20:take_98
checkpoint	gaia_os	r81.20:take_99
checkpoint	gaia_os	r82.10
checkpoint	gaia_os	r82.10:take_19
checkpoint	gaia_os	r82.10:take_6
checkpoint	gaia_embedded	r80.20.00 ≤ 𝑥 < r81.10.17
checkpoint	gaia_embedded	r81.10.17
checkpoint	gaia_embedded	r81.10.17:build_996004508
checkpoint	gaia_embedded	r81.10.17:build_996004620
checkpoint	gaia_embedded	r81.10.17:build_996004653
checkpoint	gaia_embedded	r81.10.17:build_996004721
checkpoint	gaia_embedded	r81.10.17:build_996004892
checkpoint	gaia_embedded	r80.20.00 ≤ 𝑥 < r82.00.10
checkpoint	gaia_embedded	r82.00.10
checkpoint	gaia_embedded	r82.00.10:build_998001559
checkpoint	gaia_embedded	r82.00.10:build_998001562
checkpoint	gaia_embedded	r82.00.10:build_998002110
checkpoint	gaia_embedded	r82.00.10:build_998002112
checkpoint	gaia_embedded	r82.00.10:build_998002133
checkpoint	gaia_embedded	r82.00.10:build_998002203

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Vulnerability Media Exposure

[ENGLISH] Ransomware crims got a month-long head start on Check Point VPN 0-day that now has a fix
Scumbags, including a Qilin ransomware affiliate, began hitting this hole May 7
Published: 2026-06-08T19:10:31+02:00
[GERMAN] Check Point warnt vor aktiv ausgenutzter VPN-Schwachstelle
Check Point informiert Kunden über eine aktiv ausgenutzte Schwachstelle in bestimmten VPN-Konfigurationen. Die kritische Lücke CVE-2026-50751 betrifft VPN Remote Access und Mobile Access in Verbindung mit dem veralteten IKEv1-Schlüsselaustausch. Ein Hotfix steht bereit und schließt zusätzlich eine weitere VPN-Schwachstelle.
Published: 2026-06-08T16:00:00+02:00
[ENGLISH] Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups
Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user
Published: 2026-06-08T19:47:39+05:30
[GERMAN] Check Point warnt: Angreifer umgehen VPN-Authentifizierung
Angreifer missbrauchen eine kritische Sicherheitslücke in Check-Point-VPN-Software. Sie können dadurch die Authentifizierung umgehen.
Published: 2026-06-09T08:42:00+00:00
[ENGLISH] Check Point Warns Critical Auth Bypass Bug Exploited in the Wild
Check Point says a critical vulnerability in its Remote Access VPN and Mobile Access solutions has been exploited by Qilin
Published: 2026-06-09T09:30:00+00:00
[ENGLISH] CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day
CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]
Published: 2026-06-09T04:18:39-04:00
[GERMAN] Check Point Remote Access VPN und Mobile Access: Mehrere Schwachstellen ermöglichen Umgehen von Sicherheitsvorkehrungen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Check Point Remote Access VPN und Check Point Mobile Access ausnutzen, um Sicherheitsvorkehrungen zu umgehen.
Published: 2026-06-08T22:00:00+00:00

References

https://support.checkpoint.com/results/sk/sk185033

https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751