- Check Point warns of active exploitation of CVE-2026-50751, a critical VPN authentication bypass vulnerability.
- The flaw affects Remote Access VPN deployments using the deprecated IKEv1 protocol, allowing connection without a valid password.
- Exploitation has been linked to a Qilin ransomware affiliate and involves VPS infrastructure for targeted attacks.
- A second vulnerability, CVE-2026-50752, enabling a site-to-site VPN AitM attack, has been identified but not yet exploited.
Check Point security researchers issued a critical alert in June 2026 after detecting active exploitation of a severe flaw in its VPN products. The vulnerability, which bypasses user authentication, is being leveraged by threat actors targeting a select number of global organizations.
The security weakness, tracked as CVE-2026-50751, is a logic flaw in certificate validation. Consequently, an unauthenticated attacker can establish a remote access VPN session without possessing a valid user password. “By exploiting a logic flaw in certificate validation, an attacker can establish a VPN session without possession of a valid password, effectively bypassing authentication requirements,” Check Point said.
The issue impacts several versions of Security Gateways and Spark Firewalls, but only where two conditions are met: VPN Remote Access is enabled and the gateway still accepts the legacy IKEv1 key exchange protocol. Gateways that negotiate only IKEv2 are outside the vulnerable configuration, so inventorying which gateways still answer IKEv1 is the first practical step.
Check Point first observed suspicious activity on June 4, 2026, with the earliest known exploitation dating to May 7. In one case, post-exploitation activity has been attributed to a Qilin ransomware affiliate.
The attackers reportedly run their campaigns from virtual private server (VPS) infrastructure, and their tradecraft overlaps with recent reports of ransomware groups abusing corporate VPN appliances for initial access.
A second vulnerability, CVE-2026-50752, was discovered during the same investigation. It may allow an adversary-in-the-middle (AitM) attack on site-to-site VPN connections, though it has not been seen exploited in the wild.
