Date: 06/09/2026
Severity: High
Summary
A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS 9.3), affects Remote Access VPN and Mobile Access deployments that use the deprecated IKEv1 protocol. The flaw allows a remote, unauthenticated attacker to establish a VPN connection without valid credentials by exploiting a weakness in the certificate validation process. Active exploitation has been observed in the wild, with threat actors leveraging the vulnerability to gain initial access to targeted networks. In at least one confirmed case, the access was used to facilitate the deployment of ransomware, highlighting the vulnerability's potential impact as an entry point for Qilin ransomware operations and broader network compromise.
Indicators of Compromise (IOC) List
IP Address: | 45.77.149.152 209.182.225.136 38.60.157.139 162.33.177.101 45.76.26.42 144.208.127.155 38.54.88.201 38.54.107.167 66.42.99.200 |
Hash: | 52fda5c1b9704544f32ee98d9060e689 51d39aa39478beeac94f2d12f682ecce |
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 : | dstipaddress IN ("38.54.88.201","38.54.107.167","45.76.26.42","66.42.99.200","45.77.149.152","209.182.225.136","38.60.157.139","144.208.127.155","162.33.177.101") or srcipaddress IN ("38.54.88.201","38.54.107.167","45.76.26.42","66.42.99.200","45.77.149.152","209.182.225.136","38.60.157.139","144.208.127.155","162.33.177.101") |
Detection Query 2 : | md5hash IN ("52fda5c1b9704544f32ee98d9060e689","51d39aa39478beeac94f2d12f682ecce") |
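The two detection queries above, replayed over constructed events as an added example (not Gurucul's or the advisory's own code). The field names and indicator values come from the queries; the handling of IPv4-mapped IPv6 addresses and upper-case hashes is an assumption about how a log source might record them.

```python
import ipaddress

# Indicator values copied from this advisory's IOC list.
IOC_IPS = {ipaddress.ip_address(a) for a in (
    "45.77.149.152", "209.182.225.136", "38.60.157.139",
    "162.33.177.101", "45.76.26.42", "144.208.127.155",
    "38.54.88.201", "38.54.107.167", "66.42.99.200",
)}
IOC_MD5 = {
    "52fda5c1b9704544f32ee98d9060e689",
    "51d39aa39478beeac94f2d12f682ecce",
}

def _norm_ip(value):
    """Parse an address field; unwrap IPv4-mapped IPv6; None if unusable."""
    try:
        ip = ipaddress.ip_address(str(value).strip())
    except ValueError:
        return None
    mapped = getattr(ip, "ipv4_mapped", None)  # only IPv6 objects have this
    return mapped or ip

def match_event(event):
    """Return the detection queries (1 and/or 2) that the event satisfies."""
    hits = []
    ips = {_norm_ip(event.get(k)) for k in ("srcipaddress", "dstipaddress")}
    if ips & IOC_IPS:
        hits.append(1)  # Query 1: source or destination is a listed address
    if str(event.get("md5hash", "")).strip().lower() in IOC_MD5:
        hits.append(2)  # Query 2: file hash is listed (case-insensitive)
    return hits

# Constructed sample events (not real telemetry); non-IOC addresses are made up.
SAMPLE_EVENTS = [
    {"srcipaddress": "45.76.26.42", "dstipaddress": "10.0.0.5"},
    {"srcipaddress": "10.0.0.8", "dstipaddress": "::ffff:66.42.99.200"},
    {"srcipaddress": "10.0.0.9", "md5hash": "52FDA5C1B9704544F32EE98D9060E689"},
    {"srcipaddress": "10.0.0.7", "dstipaddress": "198.51.100.20"},
    {"srcipaddress": "n/a", "dstipaddress": None},
]

def run_samples():
    return [match_event(e) for e in SAMPLE_EVENTS]

if __name__ == "__main__":
    for event, hits in zip(SAMPLE_EVENTS, run_samples()):
        print(hits, event)
```

A plain string comparison would miss the second and third events, which is why the address and hash fields are normalised before matching.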
Reference:
https://cybersecuritynews.com/check-point-vpn-0-day-vulnerability/