InfoSecBulletin Cybersecurity for mankind
Check Point Research found that CVE-2026-50751, a serious flaw in Check Point Remote Access VPN and Mobile Access, is being actively used by attackers. It can let them bypass authentication (CVSS 9.3).
CVE-2026-50751 affects systems using the old IKEv1 key exchange method. A remote attacker can take advantage of a mistake in checking certificates. This lets them create a VPN session without needing a real user password, skipping all security checks.
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the Wild
AI-designed First ‘universal vaccine’ tested in humans
China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%
Hacker now exploits recently patched SolarWinds Serv-U flaw
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass
Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026
CVE-2026-20230
Cisco Patches in Unified CM as Exploit Code Goes Public
1-Click GitHub Token Flaw Allows Attackers Steal Users’ OAuth Tokens
TP-Link Router Flaw Enables Remote Command Execution Attacks
The flaw impacts Mobile Access / SSL VPN, Remote Access VPN, and Spark Firewall products from versions R80.20.X to R82.10. After getting in through the bypass, extra steps are needed to reach internal resources or gain higher privileges.
Check Point Research began its study on June 4, 2026, after signs of strange activity were found, which traced back to attempts to exploit starting on May 7, 2026.
Exploitation attempts increased a lot in early June 2026, aiming at several organizations worldwide. Incident response teams need to focus on checking forensic logs and reviewing settings from the first day of known exploitation.
The threat actor is believed to be money-driven, using Qilin Linux ransomware files and trying to download harmful ELF files from their own servers.
Second Vulnerability – CVE-2026-50752
During the CVE-2026-50751 investigation, Check Point’s AI tool BLAST found another issue: CVE-2026-50752 (CVSS 7.4).
This security flaw affects how certificates are checked in the old IKEv1 key exchange. It can allow man-in-the-middle (MitM) attacks on VPN connections between sites in certain situations. Although it hasn’t been seen being used yet, customers should update their systems now.
Indicators of Compromise (IOCs)
Malicious IPs:
45.77.149[.]152, 209.182.225[.]136, 38.60.157[.]139, 162.33.177[.]101, 45.76.26[.]42
144.208.127[.]155, 38.54.88[.]201, 38.54.107[.]167, 66.42.99[.]200
File Hashes (MD5):
52fda5c1b9704544f32ee98d9060e689
51d39aa39478beeac94f2d12f682ecce
Mitigations
Check Point warns all customers with affected versions to quickly apply the hotfix for their Security Gateways. If organizations can’t patch right away, they should follow these temporary steps:
Remove support for legacy remote access clients.
Configure Remote Access VPN Authentication to IKEv2 only.
Set Machine Certificate Authentication as mandatory.
Enable IPS and download the latest signatures.
