Vulnerability intelligence
CVE-2026-50752
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
CVSS Score
7.4
High
EPSS — Exploit Probability
0.0%
Riskier than 10% of all CVEs
Exploitation
Not in CISA KEV
No federal exploitation record
Remediation
unknown
Check vendor advisories
4 articles across 4 outlets · first covered Jun 8, 2026 · latest Jun 9, 2026
Associated threat actors
Coverage timeline
-
Check Point Warns Critical Auth Bypass Bug Exploited in the Wildwww.infosecurity-magazine.com · Jun 9, 2026
-
Check Point VPN Zero-Day Exploited in Qilin Ransomware Attackswww.securityweek.com · Jun 9, 2026
-
Check Point warns of IKEv1 flaw linked to Qilin ransomwarewww.darkreading.com · Jun 8, 2026
-
Check Point VPN Vulnerability Exploited in the Wild with Ransomware Linkssecurityonline.info · Jun 8, 2026