CVE-2026-50751

CVE-2026-50751: User Authentication Bypass in VPN Remote Access and Mobile Access

Vendor Checkpoint
Product Quantum Security Gateway
Weakness CWE-287 · Improper authentication
KEV Status Known Exploited
Ransomware Used in campaigns
Published June 8, 2026
Last update June 10, 2026

CVSS base score

What the vulnerability does

01Description

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

June 8, 2026 CVE published
June 10, 2026 Record updated