~/blog/news/news-20260609-checkpoint-vpn-zeroday-qilin $
Patch your firewalls! Check Point Remote Access VPN Zero Day (CVE-2026-50751)
An authentication bypass bug in Check Point Remote Access VPN is under active ransomware exploitation. Check Point is linking the attacks to the Qilin ransomware group.
If you’ve got a Check Point Remote Access VPN facing the internet, today is a patching day. CVE-2026-50751 is an authentication-bypass flaw that lets an unauthenticated attacker establish a remote-access session — and it’s not theoretical: BleepingComputer reports it’s been exploited as a zero-day since May 7, tied to Qilin ransomware affiliates, hitting “a few dozen” orgs so far.
The catch worth knowing: per the reporting, it only bites instances still using the deprecated IKEv1 key exchange without a machine-certificate requirement. Mobile Access / SSL VPN and Spark firewalls are in scope too. So if you long ago moved to IKEv2 and enforce machine certs, you’re in better shape.
Double-check the configuration of your Check Point firewall, and review active VPN sessions and connection/authentication logs for the known IOCs already posted on Check Point’s support portal.
What to do: apply Check Point’s update. If you can’t patch immediately, the reported mitigations are enforcing IKEv2-only auth, requiring machine-certificate authentication, dropping legacy remote-access client support, and turning on the relevant IPS signatures.
Make sure you are safe and check out Check Point’s support page for more details:
https://support.checkpoint.com/results/sk/sk185033