Check Point says attackers used a zero-day flaw to break into some of its VPN systems, and at least one confirmed follow-on intrusion was linked to the Qilin ransomware operation. The main issue, CVE-2026-50751, is an unauthenticated authentication-bypass bug affecting Remote Access VPN, Mobile Access / SSL VPN, and Spark gateways when configured with deprecated IKEv1, legacy clients, and no mandatory machine certificate; Check Point also disclosed CVE-2026-50752, an IKEv1 certificate-validation flaw that could enable man-in-the-middle attacks on site-to-site VPNs. Exploitation began May 7 and has hit a few dozen organizations globally.
Why it matters: Organizations using affected Check Point VPN setups could be exposed to break-ins without valid credentials, with ransomware risk if attackers get in. This is urgent: apply Check Point's updates immediately or disable IKEv1, require machine certificates, and follow the vendor's mitigations.
Ionut Arghire
2026.06.09
99% relevant
This article is a direct report on the same underlying event, adding specifics that exploitation began on May 7, affected a few dozen targeted organizations globally, involved deprecated IKEv1 certificate-validation logic, and that CISA added CVE-2026-50751 to KEV with a June 11 federal patch deadline; it also notes a second flaw, CVE-2026-50752, enabling site-to-site VPN man-in-the-middle attacks but not observed exploited.
Sergiu Gatlan
2026.06.09
96% relevant
This article is a direct update on the same CVE-2026-50751 zero-day, adding that CISA placed it in the KEV catalog and ordered U.S. federal agencies to patch by June 11 under BOD 22-01, while reiterating exploitation details and mitigations for affected Check Point Remote Access VPN, Mobile Access, and Spark deployments using IKEv1.
2026.06.08
98% relevant
This article is a direct update on the same Check Point VPN zero-day event, adding that exploitation began as early as May 7, that attackers had about a month-long head start before the fix, that several dozen organizations were targeted globally, and that Check Point also disclosed a related second flaw, CVE-2026-50752, affecting IKEv1 site-to-site VPN certificate validation.
Sergiu Gatlan
2026.06.08
100% relevant
This article establishes a new tracked event centered on Check Point's disclosure and patching of CVE-2026-50751 as an exploited zero-day, plus the attribution of at least one post-compromise case to a Qilin ransomware affiliate.
← Back to all stories