CVE-2026-50751 PUBLISHED

User Authentication Bypass in VPN Remote Access and Mobile Access

Assigner: checkpoint
Reserved: 07.06.2026 Published: 08.06.2026 Updated: 08.06.2026

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Product Status

Vendor	checkpoint
Product	Quantum Security Gateway
Versions	Version R82.10 with Jumbo Hotfix Take 19 or below is affected Version R82 with Jumbo Hotfix Take 103 or below is affected Version R81.20 with Jumbo Hotfix Take 141 or below is affected Version R81.10, R81, and R80.40 is affected

Vendor	checkpoint
Product	Spark Firewalls
Versions	Version R80.20.X, R81.10.X, and R82.00.X is affected

References

https://support.checkpoint.com/results/sk/sk185033

Problem Types

CWE-287: Improper Authentication. CWE