Ravie LakshmananJun 08, 2026Vulnerability / Network Security

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol.

The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

"By exploiting a logic flaw in certificate validation, an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements," Check Point said. "Additional post-authentication activity is required to access internal resources or escalate privileges."

The shortcoming impacts the following products and versions -