Check Point Issues Urgent Warning Over Zero-Day Vulnerability in VPN Solutions
Check Point Software Technologies, a prominent cybersecurity vendor, has issued a critical alert to its customers regarding a zero-day vulnerability affecting its Remote Access VPN and Mobile Access solutions. This vulnerability, identified as CVE-2026-50751, is currently being actively exploited by cybercriminals, prompting immediate action for users to patch their systems.
CVE-2026-50751 is classified as an authentication bypass flaw, which specifically impacts deployments configured to utilize the outdated IKEv1 key exchange protocol. This vulnerability allows malicious actors to exploit a weakness in the logic flow of the Remote Access and Mobile Access solutions, thereby bypassing user authentication. Check Point explained that attackers can establish a remote access VPN connection without the need for a valid user password by taking advantage of this oversight in certificate validation processes.
On June 8, Check Point disclosed that the threat actors behind this exploitation—including an affiliate of the notorious Qilin ransomware group—have successfully leveraged this vulnerability during post-compromise activity. The findings further underline the urgency of addressing this critical security issue. Check Point cautioned that they have observed active exploitation of this flaw in various environments, underscoring the importance of prompt remediation.
Detailed investigations revealed that the vulnerability has been exploited since May 7, with a noticeable increase in malicious attempts beginning in early June. In response, Check Point initiated an investigation on June 4 and noted that, to date, the successful attacks have been limited to a “few dozen targeted organizations” across the globe.
The cybersecurity firm assessed that the actors exploiting CVE-2026-50751 are likely financially motivated, utilizing Qilin ransomware as part of their operations. There is a growing concern that this particular group is also exploiting additional vulnerabilities related to VPNs, including those linked to products released by Palo Alto, Fortinet, and F5 Networks. This broader strategy reflects an evolving tactic by cybercriminals to take advantage of security weaknesses across multiple platforms to maximize their return.
To facilitate these attacks, it appears that the affiliate used specific dedicated virtual private server (VPS) infrastructure, with some of the IP addresses employed being hosted by various providers such as Kaupo Cloud HK, Shock Hosting, and Vultr Holdings. This tactic highlights the increasing sophistication of cybercriminal operations, which utilize advanced cloud-based resources to execute their malicious activities.
Discovery of Additional Vulnerability
In the course of investigating the primary vulnerability, Check Point also identified another flaw, labeled CVE-2026-50752, which carries a CVSS score of 7.4. While this second vulnerability is currently not being exploited by threat actors, the potential for misuse under certain conditions remains a concern. CVE-2026-50752 impacts certificate validation within the deprecated IKEv1 key exchange and may permit man-in-the-middle interference with site-to-site VPN communications, indicating that even though it isn’t under active attack, it could pose risks if left unaddressed.
Check Point provided reassurance that they have not witnessed any active exploitation of this secondary vulnerability. However, to safeguard against any future compromises, the company advised customers to apply relevant updates to mitigate any possible exposure.
In light of these vulnerabilities, Check Point strongly encourages all affected customers to promptly update their systems using the published hotfix. The security of remote access solutions has never been more critical, especially in the current landscape where cyber threats are constantly adapting and evolving. By staying informed and taking action against these vulnerabilities, organizations can better protect themselves against potential breaches and ensure the safety of their sensitive data.
As the cybersecurity landscape continues to become increasingly complex, ongoing vigilance, timely updates, and robust security measures are essential for organizations to defend against emerging threats.