Critical Check Point VPN Flaw (CVE-2026-50751) Actively Exploited to Bypass Authentication

Check Point has issued a warning regarding the active exploitation of a critical vulnerability (CVE-2026-50751, CVSS score: 9.3) affecting its Remote Access VPN and Mobile Access deployments configured with the deprecated IKEv1 protocol. The flaw is a logic error in certificate validation, enabling unauthenticated remote attackers to bypass user passwords and establish VPN connections. Exploitation has been linked to a Qilin ransomware affiliate.