Authentication bypass in Check Point Security Gateway (CVE-2026-50751) — VPN access without a password, CVSS 9.3
Check Point's Security Gateway products have an improper-authentication vulnerability in IKEv1 key exchange that lets an unauthenticated remote attacker bypass user authentication and establish a remote-access VPN connection without a valid user password. CISA listed it as known-exploited (KEV) (CVSS 9.3 Critical).
Key facts
- CVE IDCVE-2026-50751
- CVSS base score9.3 CRITICAL
- CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
- Affected (vendor / product)Check Point Security Gateway
- CWECWE-287
- ExploitationListed in CISA KEV (exploitation confirmed)
- Remediation due2026-06-11 (U.S. federal civilian agencies, BOD 22-01)
Key points
- IKEv1 authentication bypass (CWE-287) in Check Point Security Gateway
- An unauthenticated remote attacker establishes a remote-access VPN connection without a valid password
- Compromise of a perimeter VPN/firewall = a foothold for internal intrusion. CVSS 9.3 (Critical)
- Listed in CISA KEV = exploitation confirmed; remediation deadline was a short June 11, 2026
- Response: fix per vendor, prioritize internet-exposed devices, review VPN connection logs
CVE-2026-50751 is an improper-authentication vulnerability (CWE-287) in Check Point Security Gateway (Check Point's firewall / VPN gateway products). It was added to CISA's KEV catalog on June 8, 2026.
Per NVD, the vulnerability is in IKEv1 key exchange, and an unauthenticated remote attacker can bypass user authentication and establish a remote-access VPN connection without a valid user password. IKE (Internet Key Exchange) is the key-exchange protocol for IPsec VPNs; bypassing authentication here means impersonating a legitimate user to enter the internal network.
Security gateways / VPN devices sit at the boundary between the internal network and the outside and are internet-exposed. Breaking through one without authentication hands an attacker an entry point for internal intrusion. Authentication bypasses on perimeter-defense products have repeatedly been exploited as the initial access vector in ransomware and state-linked attacks, so priority is high.
Key response: apply fixes/mitigations per Check Point's official instructions. For cloud use, follow BOD 22-01, and consider disabling the affected feature if mitigations are unavailable. Internet-exposed VPNs/gateways are especially high priority, and reviewing VPN connection logs is recommended. The federal civilian remediation deadline was a short June 11, 2026.
Why it matters
An authentication bypass (CVSS 9.3) on a perimeter VPN/firewall device. Organizations with Check Point devices at the perimeter should inventory external exposure, patch promptly, and review VPN logs. It reaffirms the importance of priority patching for perimeter/control devices.
FAQ
What is IKEv1?
How dangerous is it?
What should I do?
Sources (primary)
This article is an independent organization based on the U.S. official data below. Always verify the exact, latest details and applicability with the official and vendor sources.
- CISA KEV Catalog (known exploited list)
- NVD (CVE details / CVSS)
- Vendor / reference advisory
- Vendor / reference advisory
- This product uses data from the NVD API but is not endorsed or certified by the NVD. KEV data is CC0 (public domain).