CVE-2026-50751

Summary

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

Affected Software

VendorProductVersion RangeStatus
checkpointQuantum Security GatewayR82.10 with Jumbo Hotfix Take 19 or belowaffected
checkpointQuantum Security GatewayR82 with Jumbo Hotfix Take 103 or belowaffected
checkpointQuantum Security GatewayR81.20 with Jumbo Hotfix Take 141 or belowaffected
checkpointQuantum Security GatewayR81.10, R81, and R80.40affected
checkpointSpark FirewallsR80.20.X, R81.10.X, and R82.00.Xaffected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References