Unauthenticated attackers can gain VPN access without a password through a certificate verification flaw in IKEv1 configuration and are being exploited by ransomware groups.
CVE-2026-50751 (CVSS 9.3) enables circumvention of user authentication in Check Point VPN deployments with IKEv1 through a certificate validation flaw.