Check Point VPN authentication bypass exploited by ransomware affiliates

Check Point has addressed a critical authentication bypass vulnerability, tracked as CVE-2026-50751, affecting its Remote Access and Mobile Access VPN components. The flaw stems from a logic oversight in how the system validates certificates during the authentication process for IKEv1-based connections. This weakness allows unauthenticated attackers to establish a VPN connection without providing a valid user password. Source