CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0179 [1.01] [H/H] Vulnerabilities fixed in Check Point Remote and Mobile Access VPN products

unknownknown exploitedpublic exploitCVE-2026-50751CVE-2026-50752
Actively exploited. At least one CVE in this advisory is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild. Treat remediation as urgent.
Check Point has fixed vulnerabilities in Remote and Mobile Access VPN products, specifically for implementations using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments using the outdated IKEv1 protocol. The vulnerabilities CVE-2026-50751 and CVE-2026-50752 affect VPN authentication and certificate validation. These vulnerabilities allow attackers to gain access to VPN environments without valid authentication. The vulnerability CVE-2026-50751 has been exploited as a zero-day. According to Check Point, ransomware was also deployed in one case following this exploitation. The first detected exploitation dates back to May 7. The IKEv1 protocol is an outdated protocol still used in such implementations. The NCSC-NL expects large-scale exploitation to occur in the near term and urges organizations to follow Check Point's advisory. The NCSC-NL also calls on organizations to check Check Point's IoCs if relevant products using IKEv1 are in use within the organization. UPDATE: Publicly available Proof-of-Concept (PoC) code is now available, increasing the likelihood of exploitation. IOCs 45.77.149[.]152 209.182.225[.]136 38.60.157[.]139 162.33.177[.]101 45.76.26[.]42 144.208.127[.]155 38.54.88[.]201 38.54.107[.]167 66.42.99[.]200 52fda5c1b9704544f32ee98d9060e689 51d39aa39478beeac94f2d12f682ecce

CSIRTS triage

What
Vulnerabilities in IKEv1 protocol allow attackers to access VPN environments without valid authentication.
Who is affected
Users of Check Point Remote and Mobile Access VPN products using IKEv1.
Urgency
Remediation is critical due to confirmed exploitation and the potential for large-scale attacks.
Action
Transition to a more secure key exchange protocol and apply updates from Check Point.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Remote and Mobile Access VPN products

Get an email when a new Remote and Mobile Access VPN products advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-06-16
Exploitation
Observed in the wild (CISA KEV)
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0179

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-50751coverage & exploitation statusNVD · CVE.org
CVE-2026-50752coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

More from NCSC-NL Advisories