Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point issued a warning on March 18, 2024, about the active exploitation of a critical vulnerability affecting Remote Access VPN and Mobile Access deployments using the IKEv1 protocol. The flaw, identified as CVE-2026-50751 with a CVSS score of 9.3, is a logic flow weakness in certificate validation. This vulnerability enables an unauthenticated remote attacker to bypass user authentication, effectively gaining unauthorized access to protected networks. The exploitation targets configurations that have not migrated away from the older IKEv1 protocol, which is considered deprecated. Check Point's Quantum Security Gateway and Harmony Connect solutions are among those potentially impacted if configured with IKEv1. The company has released security advisories and recommends immediate mitigation steps, including upgrading to IKEv2 or disabling IKEv1 where possible, and ensuring all security gateways are updated with the latest security hotfixes.