DMZ//THREAT INTEL
FEED ACTIVELAST SYNC: 06:13:27ZSOURCES: 14CRITICAL: 30
⚠ ACTIVE ALERTS
@FalconFeedsio CRITICAL β€” 🚨 Ransomware Alert: The Gentlemen RaaS group continues active DLS postings. Now at 478… /// @DarkWebInformer CRITICAL β€” 🚨 ServiceNow discloses June 5 security update tied to anomalous activity β€” KB3067321.… /// @MsftSecIntel CRITICAL β€” MSTIC analysis of The Gentlemen ransomware (tracked internally): self-propagating… /// @GossiTheDog CRITICAL β€” ServiceNow KB3067321 situation is worse than the vendor comms suggest. Advisory was gated… /// @AlvieriD CRITICAL β€” The '340M OnlyFans' listing on the leak forum is a compiled corpus β€” seller confirmed to…
30Critical Threats
15Active CVEs
1IOCs Tracked
14New Advisories
INTEL FEED/CVE TRACKER/CVE-2026-50751
TLP:WHITEVULNERABILITY BRIEF // CVE-2026-50751PUBLISHED: 2026-06-08
β–  CRITICALCVE-2026-50751β˜… CISA KEV LISTED

Check Point VPN IKEv1 Authentication Bypass Zero-Day

VENDOR: Check Point//PRODUCT: Check Point Security Gateway (Remote Access VPN / Mobile Access / Spark Firewall)
9.3
CRITICAL
CVSS 3.1
βœ“
PATCH STATUS
PATCH AVAILABLE
⚑
EXPLOIT STATUS
PUBLIC EXPLOIT

VULNERABILITY OVERVIEW

A logic-flow weakness (CWE-287) in certificate validation during deprecated IKEv1 key exchange allows an unauthenticated remote attacker to establish a VPN session without valid credentials. Exploited in the wild since at least May 7, 2026 as a zero-day; Check Point confirmed a Qilin ransomware affiliate as one threat actor using the flaw. WatchTowr Labs published a public PoC/DAG (4 GitHub repos noted) confirming authentication bypass. CISA added to KEV on June 8 with a June 11 federal remediation deadline.

CVSS BREAKDOWN

β†—
Attack Vector
NETWORK
β–³
Attack Complexity
LOW
⚷
Privs Required
NONE
β—ˆ
User Interaction
NONE
βŠ•
Scope / Impact
UNCHANGED
C:H Β· I:H Β· A:N
AFFECTED VERSIONSSecurity Gateways R82.10 Jumbo HF Take 19 or below; R82 Jumbo HF Take 103 or below; R81.20 Jumbo HF Take 141 or below; R81.10, R81, R80.40 (EOS); Spark Firewalls R80.20.X, R81.10.X, R82.00.X β€” only when IKEv1 Remote Access is enabled

CITATIONS

  • β†’ https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol/
  • β†’ https://support.checkpoint.com/results/sk/sk185033
  • β†’ https://labs.watchtowr.com/marking-your-own-homework-check-point-remote-access-vpn-ikev1-authentication-bypass-cve-2026-50751/
  • β†’ https://www.rapid7.com/blog/post/etr-critical-check-point-vpn-zero-day-exploited-in-the-wild-cve-2026-50751/
  • β†’ https://www.cisa.gov/known-exploited-vulnerabilities-catalog
SHARE BRIEF:βœ• Post on Xin Share on LinkedIn