Je browser is verouderd en geeft deze website niet correct weer. Download een moderne browser en ervaar het internet beter, sneller en veiliger!

Vulnerabilities patched in Check Point Remote Access VPN

Security alert (foto: Elchinator, Pixabay)

Check Point has patched vulnerabilities in its Remote and Mobile Access VPN products, specifically affecting implementations that use the IKEv1 key exchange protocol. One of the vulnerabilities is already being actively exploited.

Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that use the outdated IKEv1 protocol. This protocol is used within IPsec (Internet Protocol Security) to establish secure connections between two parties, such as VPN clients and servers.

The vulnerabilities, CVE-2026-50751 and CVE-2026-50752, affect VPN authentication and certificate validation. These flaws allow attackers to gain access to VPN environments without valid authentication.

Check Point has confirmed that CVE-2026-50751 has been exploited as a zero-day vulnerability. In one instance, criminals reportedly used it to deploy ransomware.
The Dutch National Cyber Security Centre (NCSC) therefore expects large-scale exploitation of these vulnerabilities in the short term.
 

What should you do?

If your organization uses the affected Check Point products and has IKEv1 enabled, we urge healthcare organizations to check the Indicators of Compromise (IoCs) on Check Point’s website and follow their advice.

Check Point has released hotfixes to address the vulnerabilities CVE-2026-50751 and CVE-2026-50752.

For more information, visit Check Point’s website.