CVE Stalker: CVE-2026-50751

CVE Details

CVE-2026-50751 Check Point Security Gateway Improper Authentication Vulnerability

Published: 2026-06-08 CVSS: 9.3 CRITICAL Product: Check Point Security Gateway Due Date: 2026-06-11

Check Point Security Gateway contains an improper authentication vulnerability in IKEv1 key exchange that could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

GitHub PoC

Warning: GitHub PoC repositories are unverified. Some may be fake or contain malware. Use caution and review code before running anything.

No GitHub PoC data.

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

No EPSS data.

Timeline

CVE Stalker KEV MITRE GitHub FIRST (EPSS)

MITRE

CVSS

Score: 9.3
Severity: CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

References

https://support.checkpoint.com/results/sk/sk185033

Show Raw Data

Key	Remaining Key	Value
dataType		CVE_RECORD
dataVersion		5.2
cveMetadata >	cveId	CVE-2026-50751
cveMetadata >	assignerOrgId	897c38be-0345-43cd-b6cf-fe179e0c4f45
cveMetadata >	state	PUBLISHED
cveMetadata >	assignerShortName	checkpoint
cveMetadata >	dateReserved	2026-06-07T09:42:08.251Z
cveMetadata >	datePublished	2026-06-08T11:07:15.746Z
cveMetadata >	dateUpdated	2026-06-08T16:20:11.403Z
containers >	cna > affected > 0 > product	Quantum Security Gateway
containers >	cna > affected > 0 > vendor	checkpoint
containers >	cna > affected > 0 > versions > 0 > status	affected
containers >	cna > affected > 0 > versions > 0 > version	R82.10 with Jumbo Hotfix Take 19 or below
containers >	cna > affected > 0 > versions > 1 > status	affected
containers >	cna > affected > 0 > versions > 1 > version	R82 with Jumbo Hotfix Take 103 or below
containers >	cna > affected > 0 > versions > 2 > status	affected
containers >	cna > affected > 0 > versions > 2 > version	R81.20 with Jumbo Hotfix Take 141 or below
containers >	cna > affected > 0 > versions > 3 > status	affected
containers >	cna > affected > 0 > versions > 3 > version	R81.10, R81, and R80.40
containers >	cna > affected > 1 > product	Spark Firewalls
containers >	cna > affected > 1 > vendor	checkpoint
containers >	cna > affected > 1 > versions > 0 > status	affected
containers >	cna > affected > 1 > versions > 0 > version	R80.20.X, R81.10.X, and R82.00.X
containers >	cna > title	User Authentication Bypass in VPN Remote Access and Mobile Access
containers >	cna > descriptions > 0 > lang	en
containers >	cna > descriptions > 0 > value	A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
containers >	cna > problemTypes > 0 > descriptions > 0 > cweId	CWE-287
containers >	cna > problemTypes > 0 > descriptions > 0 > description	CWE-287: Improper Authentication.
containers >	cna > problemTypes > 0 > descriptions > 0 > lang	en
containers >	cna > problemTypes > 0 > descriptions > 0 > type	CWE
containers >	cna > providerMetadata > orgId	897c38be-0345-43cd-b6cf-fe179e0c4f45
containers >	cna > providerMetadata > shortName	checkpoint
containers >	cna > providerMetadata > dateUpdated	2026-06-08T11:07:15.746Z
containers >	cna > references > 0 > url	https://support.checkpoint.com/results/sk/sk185033
containers >	cna > metrics > 0 > format	CVSS
containers >	cna > metrics > 0 > scenarios > 0 > lang	en
containers >	cna > metrics > 0 > scenarios > 0 > value	GENERAL
containers >	cna > metrics > 0 > other > type	CVSSv4.0
containers >	cna > metrics > 0 > other > content > version	4.0
containers >	cna > metrics > 0 > other > content > attackVector	NETWORK
containers >	cna > metrics > 0 > other > content > attackComplexity	LOW
containers >	cna > metrics > 0 > other > content > attackRequirements	NONE
containers >	cna > metrics > 0 > other > content > privilegesRequired	NONE
containers >	cna > metrics > 0 > other > content > userInteraction	NONE
containers >	cna > metrics > 0 > other > content > vulnConfidentialityImpact	HIGH
containers >	cna > metrics > 0 > other > content > vulnIntegrityImpact	HIGH
containers >	cna > metrics > 0 > other > content > vulnAvailabilityImpact	LOW
containers >	cna > metrics > 0 > other > content > subConfidentialityImpact	NONE
containers >	cna > metrics > 0 > other > content > subIntegrityImpact	NONE
containers >	cna > metrics > 0 > other > content > subAvailabilityImpact	NONE
containers >	cna > metrics > 0 > other > content > baseScore	9.3
containers >	cna > metrics > 0 > other > content > baseSeverity	CRITICAL
containers >	cna > metrics > 0 > other > content > vectorString	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
containers >	adp > 0 > references > 0 > url	https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
containers >	adp > 0 > references > 0 > tags > 0	vendor-advisory
containers >	adp > 0 > metrics > 0 > cvssV3_1 > scope	CHANGED
containers >	adp > 0 > metrics > 0 > cvssV3_1 > version	3.1
containers >	adp > 0 > metrics > 0 > cvssV3_1 > baseScore	9.3
containers >	adp > 0 > metrics > 0 > cvssV3_1 > attackVector	NETWORK
containers >	adp > 0 > metrics > 0 > cvssV3_1 > baseSeverity	CRITICAL
containers >	adp > 0 > metrics > 0 > cvssV3_1 > vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
containers >	adp > 0 > metrics > 0 > cvssV3_1 > integrityImpact	LOW
containers >	adp > 0 > metrics > 0 > cvssV3_1 > userInteraction	NONE
containers >	adp > 0 > metrics > 0 > cvssV3_1 > attackComplexity	LOW
containers >	adp > 0 > metrics > 0 > cvssV3_1 > availabilityImpact	NONE
containers >	adp > 0 > metrics > 0 > cvssV3_1 > privilegesRequired	NONE
containers >	adp > 0 > metrics > 0 > cvssV3_1 > confidentialityImpact	HIGH
containers >	adp > 0 > metrics > 1 > other > type	ssvc
containers >	adp > 0 > metrics > 1 > other > content > timestamp	2026-06-08T16:20:03.588285Z
containers >	adp > 0 > metrics > 1 > other > content > id	CVE-2026-50751
containers >	adp > 0 > metrics > 1 > other > content > options > 0 > Exploitation	none
containers >	adp > 0 > metrics > 1 > other > content > options > 1 > Automatable	yes
containers >	adp > 0 > metrics > 1 > other > content > options > 2 > Technical Impact	partial
containers >	adp > 0 > metrics > 1 > other > content > role	CISA Coordinator
containers >	adp > 0 > metrics > 1 > other > content > version	2.0.3
containers >	adp > 0 > title	CISA ADP Vulnrichment
containers >	adp > 0 > providerMetadata > orgId	134c704f-9b21-4f2e-91b3-4a467353bcc0
containers >	adp > 0 > providerMetadata > shortName	CISA-ADP
containers >	adp > 0 > providerMetadata > dateUpdated	2026-06-08T16:20:11.403Z