CVE-2026-50751: Check Point Security Gateway Improper Authentication Vulnerability
Published Jun 8, 2026
·Updated
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Affected Software
94 affected components
Check Point Security Gateway
Checkpoint Gaia Os>=r80.40<r81.20
Checkpoint Gaia Os=r81.20
Checkpoint Gaia Os=r81.20-take_10
Checkpoint Gaia Os=r81.20-take_101
Checkpoint Gaia Os=r81.20-take_103
Checkpoint Gaia Os=r81.20-take_105
Checkpoint Gaia Os=r81.20-take_111
Checkpoint Gaia Os=r81.20-take_113
Checkpoint Gaia Os=r81.20-take_115
Checkpoint Gaia Os=r81.20-take_118
Checkpoint Gaia Os=r81.20-take_119
Checkpoint Gaia Os=r81.20-take_120
Checkpoint Gaia Os=r81.20-take_122
Checkpoint Gaia Os=r81.20-take_126
Checkpoint Gaia Os=r81.20-take_127
Checkpoint Gaia Os=r81.20-take_14
Checkpoint Gaia Os=r81.20-take_141
Checkpoint Gaia Os=r81.20-take_24
Checkpoint Gaia Os=r81.20-take_26
Checkpoint Gaia Os=r81.20-take_38
Checkpoint Gaia Os=r81.20-take_41
Checkpoint Gaia Os=r81.20-take_43
Checkpoint Gaia Os=r81.20-take_45
Checkpoint Gaia Os=r81.20-take_53
Checkpoint Gaia Os=r81.20-take_54
Checkpoint Gaia Os=r81.20-take_65
Checkpoint Gaia Os=r81.20-take_70
Checkpoint Gaia Os=r81.20-take_76
Checkpoint Gaia Os=r81.20-take_79
Checkpoint Gaia Os=r81.20-take_8
Checkpoint Gaia Os=r81.20-take_84
Checkpoint Gaia Os=r81.20-take_89
Checkpoint Gaia Os=r81.20-take_90
Checkpoint Gaia Os=r81.20-take_92
Checkpoint Gaia Os=r81.20-take_96
Checkpoint Gaia Os=r81.20-take_98
Checkpoint Gaia Os=r81.20-take_99
Checkpoint Gaia Os=r82
Checkpoint Gaia Os=r82-take_10
Checkpoint Gaia Os=r82-take_103
Checkpoint Gaia Os=r82-take_12
Checkpoint Gaia Os=r82-take_14
Checkpoint Gaia Os=r82-take_18
Checkpoint Gaia Os=r82-take_19
Checkpoint Gaia Os=r82-take_25
Checkpoint Gaia Os=r82-take_33
Checkpoint Gaia Os=r82-take_34
Checkpoint Gaia Os=r82-take_36
Checkpoint Gaia Os=r82-take_39
Checkpoint Gaia Os=r82-take_41
Checkpoint Gaia Os=r82-take_43
Checkpoint Gaia Os=r82-take_44
Checkpoint Gaia Os=r82-take_60
Checkpoint Gaia Os=r82-take_73
Checkpoint Gaia Os=r82-take_91
Checkpoint Gaia Os=r82.10
Checkpoint Gaia Os=r82.10-take_19
Checkpoint Gaia Os=r82.10-take_6
All of the following
Any of the following
Checkpoint Gaia Embedded>=r80.20.00<r81.10.17
Checkpoint Gaia Embedded=r81.10.17
Checkpoint Gaia Embedded=r81.10.17-build_996004508
Checkpoint Gaia Embedded=r81.10.17-build_996004620
Checkpoint Gaia Embedded=r81.10.17-build_996004653
Checkpoint Gaia Embedded=r81.10.17-build_996004721
Checkpoint Gaia Embedded=r81.10.17-build_996004892
Any of the following
Checkpoint Quantum Spark 1530
Checkpoint Quantum Spark 1550
Checkpoint Quantum Spark 1570
Checkpoint Quantum Spark 1570r
Checkpoint Quantum Spark 1590
Checkpoint Quantum Spark 1595r
Checkpoint Quantum Spark 1600
Checkpoint Quantum Spark 1800
Checkpoint Quantum Spark 1900
Checkpoint Quantum Spark 2000
All of the following
Any of the following
Checkpoint Gaia Embedded>=r80.20.00<r82.00.10
Checkpoint Gaia Embedded=r82.00.10
Checkpoint Gaia Embedded=r82.00.10-build_998001559
Checkpoint Gaia Embedded=r82.00.10-build_998001562
Checkpoint Gaia Embedded=r82.00.10-build_998002110
Checkpoint Gaia Embedded=r82.00.10-build_998002112
Checkpoint Gaia Embedded=r82.00.10-build_998002133
Checkpoint Gaia Embedded=r82.00.10-build_998002203
Any of the following
Checkpoint Quantum Spark 1535
Checkpoint Quantum Spark 1555
Checkpoint Quantum Spark 1575
Checkpoint Quantum Spark 1575r
Checkpoint Quantum Spark 2530
Checkpoint Quantum Spark 2550
Checkpoint Quantum Spark 2560
Checkpoint Quantum Spark 2570
Checkpoint Quantum Spark 2580
Checkpoint Quantum Spark 2590
Remediation
Information
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Patch Available
Event History
Jun 8, 2026
CVE Published
via CISA·12:00 AM
Known Exploited
via CISA·12:00 AM
Known Ransomware
via CISA·12:00 AM
Data Sourced
via CISA·12:00 AM
RemedyDescriptionAffected Software
CVE Published
via MITRE·11:07 AM
Data Sourced
via MITRE·11:07 AM
DescriptionWeakness
Data Sourced
via NVD·12:16 PM
RemedyDescriptionSeverityWeaknessAffected Software
News Published
via BleepingComputer·01:05 PM
News Published
via BleepingComputer·01:06 PM
News Published
via Dark Reading·08:28 PM
News Published
via Dark Reading·08:48 PM
Jun 9, 2026
News Published
via BleepingComputer·08:18 AM
Frequently Asked Questions
1
What is the severity of CVE-2026-50751?
CVE-2026-50751 is rated as critical with a severity score of 9.3.
2
How do I fix CVE-2026-50751?
To fix CVE-2026-50751, apply the mitigations as per vendor instructions and follow applicable BOD 22-01 guidance.
3
What is the risk associated with CVE-2026-50751?
CVE-2026-50751 poses a significant risk allowing unauthenticated remote access, bypassing user authentication entirely.
4
What type of vulnerability is CVE-2026-50751?
CVE-2026-50751 is classified as an improper authentication vulnerability due to a logic flaw in certificate validation.
5
Is CVE-2026-50751 currently being exploited?
Yes, CVE-2026-50751 is currently being exploited in the wild.