The Bottom Line: CVE-2026-50751 enables unauthorized VPN access to Checkpoint Security Gateway and Spark Firewall with IKEv1 enabled; hotfixes are available.
Checkpoint has documented attacks on its Security Gateway and Spark Firewall products that enable unauthorized VPN access via the vulnerability CVE-2026-50751. Multiple version series of both product lines are affected when IKEv1 is enabled.
Checkpoint reports active attacks against two of its VPN solutions. The vulnerability CVE-2026-50751 allows attackers to gain access to affected systems without authentication, provided the IKEv1 protocol is enabled in the VPN.
For the Security Gateway products, the following versions are particularly affected: R82.10 Jumbo Hotfix Take 19 and earlier, R82 Jumbo Hotfix Take 103 and earlier, R81.20 Jumbo Hotfix Take 141 and earlier, as well as the end-of-support versions R81.10, R81, and R80.40. For Spark Firewall, R80.20.X (EOS), R81.10.X, and R82.00.X are vulnerable.
Checkpoint provides hotfixes for all affected versions. The company recommends deploying these promptly and consulting the advisory, which also documents guidance on forensic searches for prior compromises as well as hardening measures. If a compromise is suspected, Checkpoint recommends contacting the company.
CERT.at generally advises using automated update functions and updating firewalls and antivirus solutions promptly and actively operating them.
Source: www.cert.at · Published June 8, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.6.5.