Check Point patches critical VPN flaw exploited in zero-day attacks

Check Point has released security updates to address a critical vulnerability in its Remote Access VPN and Mobile Access deployments that was exploited in zero-day attacks. The flaw, tracked as CVE-2026-50751, allows unauthenticated remote attackers to bypass authentication and establish a VPN connection. This vulnerability affects deployments configured to use the deprecated IKEv1 key exchange protocol. The attacks began on May 7 and have impacted a few dozen organizations worldwide, with at least one incident linked to the Qilin ransomware operation, as reported by Bleeping Computer.

Check Point also identified a second vulnerability, CVE-2026-50752, related to certificate validation in IKEv1, which could be used in man-in-the-middle attacks on site-to-site VPNs, though no exploitation has been confirmed in the wild for this second flaw. Mitigation advice includes removing support for legacy remote access clients, enforcing IKEv2, mandating machine certificate authentication, and enabling IPS. The Qilin ransomware group has a history of targeting prominent organizations across various sectors.

Source: Bleeping Computer