CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access systems against a critical vulnerability that is already being exploited in zero-day attacks by Qilin ransomware affiliates.
The flaw, tracked as CVE-2026-50751, allows unauthenticated remote attackers to bypass authentication and create a remote access VPN connection on affected Check Point systems. The issue impacts Mobile Access and SSL VPNs, Remote Access VPNs, and Spark firewalls.
According to Check Point, the vulnerability only affects deployments using the older IKEv1 key exchange protocol. It also requires security gateways that do not require a machine certificate for connections and still accept legacy Remote Access clients.
Check Point released security updates for the flaw on Monday and confirmed that attacks exploiting the vulnerability began on May 7 before increasing over the weekend. The company said the attacks have affected only a few dozen organizations worldwide so far, but at least one confirmed case involved post-compromise activity linked to a Qilin ransomware affiliate.
Qilin is a ransomware-as-a-service operation that has listed more than 400 victims on its dark web leak site since it first appeared in August 2022.
Check Point urged customers using the IKEv1 key exchange protocol to install the available security updates immediately. For organizations that cannot patch right away, the company recommends removing support for legacy remote access clients, switching Remote Access VPN authentication to IKEv2 only, enabling IPS signatures, and making machine certificate authentication mandatory.
CISA added CVE-2026-50751 to its Known Exploited Vulnerabilities catalog and ordered Federal Civilian Executive Branch agencies to secure their devices by June 11 under Binding Operational Directive 22-01.
The agency warned that this type of vulnerability is commonly used by malicious hackers and poses a serious risk to federal networks. CISA also urged private sector organizations and other security teams to apply the patches or follow Check Point’s mitigation guidance as soon as possible.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
