COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2026-50751

CVE-2026-50751

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-06-08
Reference
https://nvd.nist.gov/vuln/detail/CVE-2026-50751
⌖ exploited in the wild shame 65/100 ransomwareexploited-in-wildunpatchedauth-bypass

Check Point Security Gateway allows unauthenticated attackers to bypass VPN authentication via an IKEv1 key exchange flaw.

This critical vulnerability enables remote attackers to establish VPN connections without valid credentials, directly undermining the integrity of remote access systems. For DIB organizations, this creates a high-risk exposure for sensitive data and violates FedRAMP/NIST 800-171 requirements for proper authentication mechanisms. Immediate patching and network segmentation are required to mitigate the risk of unauthorized access.

Shame score — A critical authentication bypass in a widely deployed security product that allows unauthenticated remote access to VPN connections.

Players implicated

Check Point · vendorSecurity Gateway · product

Description

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.