ON June 8, 2026, Check Point disclosed a critical zero-day vulnerability, CVE-2026-50751, in its Remote Access VPN and Firewall products. This vulnerability, with a CVSS score of 9.3, allows unauthenticated attackers to establish VPN sessions due to a logic flaw in IKEv1 key exchange, particularly affecting legacy configurations. Active exploitation has been observed since May 7, 2026, with potential links to ransomware attacks. Check Point has released hotfixes and urges immediate updates.
Alternative mitigations include removing support for legacy clients, enforcing IKEv2 only, and enabling machine certificate authentication. Organizations are advised to search for signs of compromise and conduct audits since the noted exploitation date.