The critical vulnerability CVE-2026-50571 with CVSS 9.3 allows attackers to establish VPN sessions without valid passwords and has been actively exploited against organizations worldwide since May.
CVE-2026-50751 (CVSS 9.3) enables circumvention of user authentication in Check Point VPN deployments with IKEv1 through a certificate validation flaw.