vulnerability context

CVE-2026-50752

CVSS 7.4 HIGHEPSS 9.5%CWE-295OTX 4 pulses

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

Published 2026-06-08 · last modified 2026-06-08

details

CISA KEV status: Not in catalog
CVSS v3: 7.4 / HIGH
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS: 9.5% percentile (score 0.0003)
CWE: CWE-295
OTX pulses: 4 total, 0 recent

View on NVD → · cve.org

source mentions 2

[Cybersecurity News Everyday] Check Point disclosed CVE-2026-50751, a critical VPN auth bypass exploited as a zero-day since May 7...Bluesky · 19h ago
[Cybersecurity News Everyday] Check Point says CVE-2026-50751 is actively exploited to bypass auth in deprecated IKEv1 VPN setups,...Bluesky · 1d ago

source consensus

Bluesky2×

Want the 3-bullet summary of CVE-2026-50752, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →