CVE-2026-50752

high

Description

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

References

References
More

https://www.theregister.com/cyber-crime/2026/06/08/attackers-had-month-long-head-start-on-patched-check-point-vpn-zero-day/5252438

https://www.bleepingcomputer.com/news/security/check-point-links-vpn-zero-day-attacks-to-qilin-ransomware-gang/

https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html

https://support.checkpoint.com/results/sk/sk185035

Details

Source: Mitre, NVD

Published: 2026-06-08

Updated: 2026-06-08

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 7.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00023