A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
https://www.helpnetsecurity.com/2026/06/12/cve-2026-50751-poc-exploit/
https://www.securityweek.com/check-point-vpn-zero-day-exploited-in-qilin-ransomware-attacks/
https://www.infosecurity-magazine.com/news/check-point-critical-auth-bypass/
https://www.darkreading.com/vulnerabilities-threats/check-point-vpn-flaw-exploited-early-may
https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html