{
  "title": "Check Point Security Gateway CVE-2026-50751: KEV VPN Authentication Bypass",
  "summary": "Check Point and CISA confirmed active exploitation of CVE-2026-50751, an IKEv1 Remote Access and Mobile Access authentication bypass. Check Point observed targeting from May 7, 2026, added campaign IOCs through June 10, and linked one post-compromise case to a Qilin ransomware affiliate.",
  "date": "2026-06-08",
  "severity": "critical",
  "tags": [
    "checkpoint",
    "cisa-kev",
    "vpn",
    "authentication-bypass",
    "ransomware"
  ],
  "sources_count": 4,
  "indicators": {
    "slug": "checkpoint-cve-2026-50751-kev",
    "since": "2026-06-08T00:00:00Z",
    "until": "2026-06-08T23:59:59Z",
    "ecosystem": "",
    "cves": [
      "CVE-2026-50751"
    ],
    "cwes": [
      "CWE-287"
    ],
    "advisoryIds": [],
    "products": [],
    "packages": [],
    "versions": [],
    "affectedVersions": [],
    "fixedVersions": [],
    "files": [],
    "paths": [],
    "services": [],
    "domains": [],
    "urls": [],
    "ips": [
      "45.77.149.152",
      "209.182.225.136",
      "38.60.157.139",
      "162.33.177.101",
      "45.76.26.42",
      "144.208.127.155",
      "38.54.88.201",
      "38.54.107.167",
      "66.42.99.200",
      "45.63.104.106",
      "45.61.136.173",
      "146.71.81.184"
    ],
    "hashes": [
      "52fda5c1b9704544f32ee98d9060e689",
      "51d39aa39478beeac94f2d12f682ecce"
    ],
    "processPatterns": [],
    "networkPatterns": [],
    "telemetrySelectors": []
  }
}