CVE-2026-50751

User Authentication Bypass in VPN Remote Access and Mobile Access

Published: Jun 8, 2026Updated: Jun 8, 2026 Sources: CVE List NVD

9.3CVSS

CRITICAL

A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.

EPSS Score

0.0%

Top 98.8%

CISA KEV

Active Exploitation

Since Jun 8, 2026

Exploits

No Known Exploits

Remediation

No Fix Available

CVSS Vector Breakdown

Exploitability

AV:NAttack Vector

Network

AC:LAttack Complexity

Low

PR:NPrivileges Required

None

UI:NUser Interaction

None

Scope

S:CScope

Changed

Impact

C:HConfidentiality

High

I:LIntegrity

Low

A:NAvailability

None

Weaknesses

CWE-287

Affected Products

Quantum Security Gateway

checkpoint

Spark Firewalls

checkpoint

Attack Graph

Products CVE Techniques Tactics

Click technique nodes to view MITRE ATT&CK details. Scroll to zoom, drag to pan.

Exploitability

CISA Known Exploited Vulnerability

Added to KEV:Jun 8, 2026

Remediation due:Jun 11, 2026

Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.