Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups

Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The vulnerability, tracked as CVE-2026-50751 (CVSS score: 9.3), is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user

The article reports a critical authentication bypass vulnerability, CVE-2026-50751 (CVSS 9.3), in Check Point Remote Access and Mobile Access VPNs that still use the deprecated IKEv1 protocol, allowing unauthenticated remote attackers to establish VPN sessions without valid passwords via a certificate validation logic flaw.[1][2][4] Check Point and independent reporting confirm active exploitation since May 7, 2026, including use by financially motivated actors linked to Qilin ransomware, with a few dozen organizations targeted globally.[2][3][4] From a CyberSE.AI perspective, any AI agents or AI platforms that rely on these VPNs to protect access to training data, model artifacts, or orchestration backends are exposed to potential network-layer compromise, enabling lateral movement into AI infrastructure, theft or manipulation of models and data, and subversion of AI supply-chain controls. Organizations should rapidly patch or disable IKEv1, enforce stronger certificate and IKEv2-only configurations, and include VPN components and their patch status in AI security readiness reviews and SBOM-driven supply-chain risk management for AI systems.