- Check Point Patches Critical VPN Authentication Bypass Flaw (CVE-2026-50751) Used in Ransomware Attacks
- Zero-day exploits since early May, with Qilin deploying ransomware in at least one case
- Customers are encouraged to apply fixes and mitigations immediately
Check Point has stated that it has fixed a vulnerability in its VPN products that was used in ransomware attacks against dozens of organizations worldwide.
In a security advisory, the company said it addressed an authentication bypass vulnerability that allowed remote threat actors to establish a remote access VPN connection without a valid user password.
The bug is tracked as CVE-2026-50751 and received a severity score of 9.3/10 (Critical).
Applying the fix
Check Point’s director of research, Lotem Finkelstein, noted that the attacks exploiting this flaw started on May 7, 2026, more than a month ago. In early June, the attacks gained such momentum that they attracted the attention of Check Point, which realized on June 4 that there was an actively exploited zero-day.
But Finkelstein tried to frame the attacks as relatively low-volume: “We have observed indications that the exploit has been limited to a relatively small number of targeted organizations (several dozen globally), primarily over the past few days,” he said, adding that in at least one case the compromise was used to deploy Qilin ransomware.
CVE-2026-50751 is a bug that affects Mobile Access/SSL VPNs, Remote Access VPNs, and Spark Firewalls configured to use the deprecated IKEv1 key exchange protocol.
Check Point has urged its customers to apply the included fixes and to implement mitigations and other hardening methods as soon as possible. A complete list of indicators of compromise (IoCs) can also be found at this link.
The company did not discuss who the victims were or what industries they are in, but we know from previous reports that Qilin is a major player that often targets critical infrastructure providers. In February 2026, for example, it added the Transport Workers Union of America (TWU) Local 100 chapter to its data leak site, saying it broke into the organization and was already leaking everything it stole to the dark web.
Via The Register




