Feed›Vulnerability›CISA gives feds 3 days to patch Check Point VPN bug exploite...

VulnerabilityBleeping Computer

9.3 — CRITICAL

CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day

📅 9 June 2026 at 08:18 UTC📰 Bleeping ComputerView original source ↗

CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. [...]

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A zero-day vulnerability (CVE-2026-50751) in Check Point's Remote Access VPN and Mobile Access deployments has been exploited by Qilin ransomware affiliates, allowing unauthenticated remote attackers to bypass authentication and establish a remote access VPN connection. This critical vulnerability affects only instances configured to use the deprecated IKEv1 key exchange protocol.

⚙️Technical Details

CVEs

CVE-2026-50751CVE-2024-24919

Affected Systems

Check Point Remote Access VPN and Mobile Access deployments

Attack Vectors

NETWORK

💥Impact Assessment

Severity: CRITICAL

Who Is at Risk

U.S. government agencies, including Federal Civilian Executive Branch (FCEB) agencies

🛡️Recommended Actions

1Apply security updates to patch the vulnerability as soon as possible

2Remove support for legacy remote access client and configure global properties for Remote Access VPN Authentication to IKEv2 only

3Enable IPS and download signatures, and configure Machine Certificate Authentication as mandatory

📦Affected Products

Checkpoint Cloudguard Network SecurityCheckpoint Quantum Security GatewayCheckpoint Quantum Security Gateway FirmwareCheckpoint Quantum SparkCheckpoint Quantum Spark Firmware

🔐NVD Verified DataVERIFIED

CVE-2026-50751 ↗CVSS 9.3 — CRITICAL

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N

Weaknesses

CWE-287

CVE-2024-24919 ↗CVSS 8.6 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Weaknesses

CWE-200

Affected Products (CPE)

Checkpoint Cloudguard Network SecurityCheckpoint Quantum Security GatewayCheckpoint Quantum Security Gateway FirmwareCheckpoint Quantum SparkCheckpoint Quantum Spark Firmware

Patches & References

🔧 https://support.checkpoint.com/results/sk/sk182336 🔧 https://support.checkpoint.com/results/sk/sk182336 📋 https://support.checkpoint.com/results/sk/sk182336 📋 https://support.checkpoint.com/results/sk/sk182336

Read the full article

This is a curated summary. The complete article is available at Bleeping Computer.

Read on Bleeping Computer ↗

← Back to feed