VulnerabilityBleeping Computer
9.3 — CRITICAL
Check Point links VPN zero-day attacks to Qilin ransomware gang
Israeli cybersecurity company Check Point has released security updates to patch a critical flaw affecting Remote Access VPN and Mobile Access deployments, which was exploited in zero-day attacks. [...]
🤖 AI BriefingAuto-generated threat analysis
🔍Threat Overview
Check Point has identified a zero-day vulnerability (CVE-2026-50751) in their Remote Access VPN and Mobile Access deployments, which was exploited by the Qilin ransomware gang, allowing attackers to bypass authentication and establish remote access VPN connections. The attack vector is network-based, with low complexity.
⚙️Technical Details
CVEs
CVE-2026-50751CVE-2026-50752Affected Systems: Check Point Remote Access VPN and Mobile Access deployments
Affected Systems
Check Point Remote Access VPN and Mobile Access deployments
Attack Vectors
NETWORK
💥Impact Assessment
Severity: CRITICAL
🛡️Recommended Actions
1Apply security updates immediately for vulnerable systems
2Remove support for legacy remote access client
3Configure global properties for Remote Access VPN Authentication to IKEv2 only
📦Affected Products
Check Point Remote Access VPN and Mobile Access deployments
🔐NVD Verified DataVERIFIED
CVE-2026-50751 ↗CVSS 9.3 — CRITICAL
Attack Vector
NETWORK
Complexity
LOW
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:NWeaknesses
CWE-287
CVE-2026-50752 ↗CVSS 7.4 — HIGH
Attack Vector
NETWORK
Complexity
HIGH
Vector String
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NWeaknesses
CWE-295
Read the full article
This is a curated summary. The complete article is available at Bleeping Computer.