CyberScoopCRITICALVulnerability disclosureBREAKING10h

CVE-2026-50751: Check Point VPN Auth Bypass Exploited by Qilin Before Patch

CVSS 9.3 authentication bypass in Check Point Remote Access VPN enabled Qilin ransomware affiliate intrusions for six weeks before disclosure; patching alone insufficient for already-compromised organizations.

Attack Brief

TargetCheck Point Remote Access VPNVectorAuthentication bypass via certificate-validation logic error in deprecated IKEv1 key-exchange protocolAttributionQilin ransomware affiliate

Technical Details

CVE IDsCVE-2026-50751AffectedCheck Point Remote Access VPN with IKEv1 key-exchange protocol enabled

Impact

Confirmed DamageDozens of organizations compromised worldwide; data exfiltration via Rclone; command-and-control via Tox protocol through disposable VPS infrastructureGeographyworldwide

Context

Similar AttacksPerimeter-dependent security architecture vulnerability where compromised VPN gateway inherits perimeter authority, rendering downstream identity verification and behavior-based detection ineffective against authenticated attacker sessions

Source

https://cyberscoop.com/why-security-patching-is-not-enough-cve-2026-50751-op-ed/on 2026-06-25T00:00:00Z

CVECVE-2026-50751 Incidentvulnerability_disclosure

2 sources

Read full article on CyberScoop →← Back to news