CVE-2026-50751
KEV
🔴 Łataj teraz
Słabość w walidacji certyfikatów IKEv1 umożliwia atakującemu ominięcie uwierzytelnienia VPN.
CVSS
9.3
EPSS
11.8%
Exploit
weaponized
Vendor
checkpoint
Opis źródłowy (NVD)
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
brak
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (aktywnie wykorzystywane) | Tak |
| FIRST EPSS (prawdopodobieństwo exploita) | 11.8% |
| Opublikowano (NVD) | 2026-06-08 12:16:32 UTC |
| Ostatnia modyfikacja (NVD) | 2026-06-09 18:30:55 UTC |
Referencje
- https://support.checkpoint.com/results/sk/sk185033 (cve@checkpoint.com) [Mitigation, Patch, Vendor Advisory]
- https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/ (134c704f-9b21-4f2e-91b3-4a467353bcc0) [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-50751 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]