User Authentication Bypass in VPN Remote Access and Mobile Access
Summary
| CVE | CVE-2026-50751 |
|---|---|
| State | PUBLISHED |
| Assigner | checkpoint |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-06-08 12:16:32 UTC |
| Updated | 2026-06-09 18:30:55 UTC |
| Description | A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. |
Risk And Classification
Primary CVSS: v3.1 9.3 CRITICAL from ADP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
EPSS: 0.176880000 probability, percentile 0.952480000 (date 2026-06-09)
CISA KEV: Listed on 2026-06-08; due 2026-06-11; ransomware use Known
Problem Types: CWE-287: Improper Authentication.
| Version | Source | Type | Score | Severity | Vector |
|---|---|---|---|---|---|
| 3.1 | ADP | DECLARED | 9.3 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
| 3.1 | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | Secondary | 9.3 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
CVSS v3.1 Breakdown
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | Low |
| Availability | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N |
CISA Known Exploited Vulnerability
| Vendor | Check Point |
|---|---|
| Product | Security Gateway |
| Name | Check Point Security Gateway Improper Authentication Vulnerability |
| Required Action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Notes | https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ ; https://support.checkpoint.com/results/sk/sk185033?_gl=1*1wqeqhc*_gcl_au*MTI1MzE5MjI2LjE3ODA5MzQ1NTM. ; https://nvd.nist.gov/vuln/detail/CVE-2026-50751 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Checkpoint | Gaia Embedded | All | All | All | All |
| Operating System | Checkpoint | Gaia Embedded | r81.10.17 | - | All | All |
| Operating System | Checkpoint | Gaia Embedded | r81.10.17 | build_996004508 | All | All |
| Operating System | Checkpoint | Gaia Embedded | r81.10.17 | build_996004620 | All | All |
| Operating System | Checkpoint | Gaia Embedded | r81.10.17 | build_996004653 | All | All |
| Operating System | Checkpoint | Gaia Embedded | r81.10.17 | build_996004721 | All | All |
| Operating System | Checkpoint | Gaia Embedded | r81.10.17 | build_996004892 | All | All |
| Operating System | Checkpoint | Gaia Os | All | All | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | - | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_10 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_101 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_103 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_105 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_111 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_113 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_115 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_118 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_119 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_120 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_122 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_126 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_127 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_14 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_141 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_24 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_26 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_38 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_41 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_43 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_45 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_53 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_54 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_65 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_70 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_76 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_79 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_8 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_84 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_89 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_90 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_92 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_96 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_98 | All | All |
| Operating System | Checkpoint | Gaia Os | r81.20 | take_99 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | - | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_10 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_103 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_12 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_14 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_18 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_19 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_25 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_33 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_34 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_36 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_39 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_41 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_43 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_44 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_60 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_73 | All | All |
| Operating System | Checkpoint | Gaia Os | r82 | take_91 | All | All |
| Operating System | Checkpoint | Gaia Os | r82.10 | - | All | All |
| Operating System | Checkpoint | Gaia Os | r82.10 | take_19 | All | All |
| Operating System | Checkpoint | Gaia Os | r82.10 | take_6 | All | All |
| Hardware | Checkpoint | Quantum Spark 1530 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1550 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1570 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1570r | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1590 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1595r | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1600 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1800 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 1900 | - | All | All | All |
| Hardware | Checkpoint | Quantum Spark 2000 | - | All | All | All |
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | Checkpoint | Quantum Security Gateway | affected R82.10 with Jumbo Hotfix Take 19 or below | Not specified |
| CNA | Checkpoint | Quantum Security Gateway | affected R82 with Jumbo Hotfix Take 103 or below | Not specified |
| CNA | Checkpoint | Quantum Security Gateway | affected R81.20 with Jumbo Hotfix Take 141 or below | Not specified |
| CNA | Checkpoint | Quantum Security Gateway | affected R81.10, R81, and R80.40 | Not specified |
| CNA | Checkpoint | Spark Firewalls | affected R80.20.X, R81.10.X, and R82.00.X | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.cisa.gov/known-exploited-vulnerabilities-catalog | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | www.cisa.gov | US Government Resource |
| support.checkpoint.com/results/sk/sk185033 | [email protected] | support.checkpoint.com | Mitigation, Patch, Vendor Advisory |
| blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabil... | 134c704f-9b21-4f2e-91b3-4a467353bcc0 | blog.checkpoint.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
| Source | Time | Event |
|---|---|---|
| ADP | 2026-06-08T00:00:00.000Z | CVE-2026-50751 added to CISA KEV |
There are currently no legacy QID mappings associated with this CVE.