CVE-2026-50751

Name: CVE-2026-50751
Creator: NVD / NIST
Published: 2026-06-08T12:16:32.367+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.3/10Actively ExploitedEPSS 71.05%

Last modified Jun 17, 2026

CVE-2026-50751 is a critical-severity vulnerability rated 9.3/10 on the CVSS scale. A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.. CISA has confirmed active exploitation in the wild. EPSS estimates a 71.05% chance of exploitation in the next 30 days.

Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Metrics

CVSS 3.1

9.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

EPSS Probability

71.05%

99.3th percentile

Probability of exploitation in the next 30 days. Learn more

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by Jun 11, 2026.

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Checkpoint	Gaia Os	>= r80.40, < r81.20
Checkpoint	Gaia Os	r81.20
Checkpoint	Gaia Os	r82
Checkpoint	Gaia Os	r82.10
Checkpoint	Gaia Embedded	>= r80.20.00, < r81.10.17
Checkpoint	Gaia Embedded	r81.10.17
Checkpoint	Gaia Embedded	>= r80.20.00, < r82.00.10
Checkpoint	Gaia Embedded	r82.00.10

References

https://support.checkpoint.com/results/sk/sk185033Mitigation, Patch, Vendor Advisory
https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751US Government Resource

Timeline

Published: Jun 8, 2026
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2026-50751?

How severe is CVE-2026-50751?

CVE-2026-50751 has a CVSS score of 9.3/10 (CRITICAL severity). The EPSS model estimates a 71.05% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.

How do I fix CVE-2026-50751?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2026-50751?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST