CVE-2026-50751
User Authentication Bypass in VPN Remote Access and Mobile Access
CVSS Score
9.3
EPSS Score
0.0%
EPSS Percentile
1th
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
| CWE | CWE-287 |
| Vendor | checkpoint |
| Product | quantum security gateway |
| Published | Jun 8, 2026 |
| Last Updated | Jun 9, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for checkpoint quantum security gateway
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-50751.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
checkpoint / Quantum Security Gateway
R82.10 with Jumbo Hotfix Take 19 or below R82 with Jumbo Hotfix Take 103 or below R81.20 with Jumbo Hotfix Take 141 or below R81.10, R81, and R80.40
checkpoint / Spark Firewalls
R80.20.X, R81.10.X, and R82.00.X
References
support.checkpoint.com: https://support.checkpoint.com/results/sk/sk185033 blog.checkpoint.com: https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751