Check Point has identified a critical zero-day vulnerability (CVE-2026-50751) affecting its Security Gateways and Spark Firewalls, specifically in implementations using the deprecated IKEv1 key exchange protocol. This authentication bypass flaw, assigned a CVSS score of 9.3, has been actively exploited since early May against targeted organizations globally, with the activity particularly associated with a Qilin ransomware affiliate. A related flaw (CVE-2026-50752) presents a risk of man-in-the-middle attacks (CVSS 7.4).
Customers are urged to patch their systems immediately to mitigate risks, as exploitation has been confirmed and has increased recently. The advisory also points out that only a limited number of Check Point clients are likely affected, as IKEv1 is considered legacy.