CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-50752

unknownknown exploitedcovered by 1 sourcefirst seen 2026-06-16
Actively exploited. CVE-2026-50752 is listed in the CISA Known Exploited Vulnerabilities catalog — exploitation has been observed in the wild, and US federal agencies are required to remediate it under BOD 22-01. Treat patching as urgent.
Check Point has fixed vulnerabilities in Remote and Mobile Access VPN products, specifically for implementations using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments using the outdated IKEv1 protocol. The vulnerabilities CVE-2026-50751 and CVE-2026-50752 affect VPN authentication and certificate validation. These vulnerabilities allow attackers to gain access to VPN environments without valid authentication. The vulnerability CVE-2026-50751 has been exploited as a zero-day. According to Check Point, ransomware was also deployed in one case following this exploitation. The first detected exploitation dates back to May 7. The IKEv1 protocol is an outdated protocol still used in such implementations. The NCSC-NL expects large-scale exploitation to occur in the near term and urges organizations to follow Check Point's advisory. The NCSC-NL also calls on organizations to check Check Point's IoCs if relevant products using IKEv1 are in use within the organization. UPDATE: Publicly available Proof-of-Concept (PoC) code is now available, increasing the likelihood of exploitation. IOCs 45.77.149[.]152 209.182.225[.]136 38.60.157[.]139 162.33.177[.]101 45.76.26[.]42 144.208.127[.]155 38.54.88[.]201 38.54.107[.]167 66.42.99[.]200 52fda5c1b9704544f32ee98d9060e689 51d39aa39478beeac94f2d12f682ecce

CSIRTS triage

What
Vulnerabilities in IKEv1 protocol allow attackers to access VPN environments without valid authentication.
Who is affected
Users of Check Point Remote and Mobile Access VPN products using IKEv1.
Urgency
Remediation is critical due to confirmed exploitation and the potential for large-scale attacks.
Action
Transition to a more secure key exchange protocol and apply updates from Check Point.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2026-50752

Get an email if CVE-2026-50752 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-50752

CVE.org record

CISA KEV catalog

Embed the live status

CVE-2026-50752 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-50752 status](https://www.csirts.com/badge/CVE-2026-50752)](https://www.csirts.com/cve/CVE-2026-50752)