High severity7.4NVD Advisory· Published Jun 8, 2026· Updated Jun 8, 2026

CVE-2026-50752

Description

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

Affected products

Checkpoint/VPN 1llm-fuzzy

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.checkpoint.com/results/sk/sk185035nvd

News mentions

Check Point links VPN zero-day attacks to Qilin ransomware gang
BleepingComputer · Jun 8, 2026

cvss	0.481
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000