CVE-2026-50752

Summary

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

Affected Software

VendorProductVersion RangeStatus
checkpointQuantum Security GatewayR82.10 with Jumbo Hotfix Take 19 or belowaffected
checkpointQuantum Security GatewayR82 with Jumbo Hotfix Take 103 or belowaffected
checkpointQuantum Security GatewayR81.20 with Jumbo Hotfix Take 141 or belowaffected
checkpointQuantum Security GatewayR81.10, R81, and R80.40affected
checkpointSpark FirewallsR80.20.X, R81.10.X, and R82.00.Xaffected

Weaknesses

  • CWE-295: CWE-295: Improper Certificate Validation.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References