Description
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Published: 2026-06-08
Score: 9.3 Critical
EPSS: 71.1% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Checkpoint gaia Embedded
Checkpoint gaia Os
Checkpoint quantum Spark 1530
Checkpoint quantum Spark 1535
Checkpoint quantum Spark 1550
Checkpoint quantum Spark 1555
Checkpoint quantum Spark 1570
Checkpoint quantum Spark 1570r
Checkpoint quantum Spark 1575
Checkpoint quantum Spark 1575r
Checkpoint quantum Spark 1590
Checkpoint quantum Spark 1595r
Checkpoint quantum Spark 1600
Checkpoint quantum Spark 1800
Checkpoint quantum Spark 1900
Checkpoint quantum Spark 2000
Checkpoint quantum Spark 2530
Checkpoint quantum Spark 2550
Checkpoint quantum Spark 2560
Checkpoint quantum Spark 2570
Checkpoint quantum Spark 2580
Checkpoint quantum Spark 2590
CPEs cpe:2.3:h:checkpoint:quantum_spark_1530:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1535:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1550:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1555:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1570:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1570r:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1575:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1575r:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1590:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1595r:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1600:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1800:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_1900:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2530:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2550:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2560:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2570:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2580:-:*:*:*:*:*:*:*
cpe:2.3:h:checkpoint:quantum_spark_2590:-:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:*:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:-:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004508:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004620:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004653:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004721:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r81.10.17:build_996004892:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:-:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998001559:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998001562:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002110:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002112:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002133:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_embedded:r82.00.10:build_998002203:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:*:*:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:-:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_101:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_103:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_105:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_10:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_111:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_113:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_115:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_118:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_119:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_120:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_122:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_126:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_127:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_141:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_14:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_24:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_26:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_38:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_41:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_43:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_45:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_53:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_54:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_65:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_70:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_76:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_79:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_84:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_89:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_8:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_90:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_92:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_96:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_98:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r81.20:take_99:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82.10:-:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82.10:take_19:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82.10:take_6:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:-:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_103:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_10:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_12:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_14:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_18:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_19:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_25:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_33:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_34:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_36:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_39:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_41:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_43:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_44:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_60:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_73:*:*:*:*:*:*
cpe:2.3:o:checkpoint:gaia_os:r82:take_91:*:*:*:*:*:*
Vendors & Products Checkpoint gaia Embedded
Checkpoint gaia Os
Checkpoint quantum Spark 1530
Checkpoint quantum Spark 1535
Checkpoint quantum Spark 1550
Checkpoint quantum Spark 1555
Checkpoint quantum Spark 1570
Checkpoint quantum Spark 1570r
Checkpoint quantum Spark 1575
Checkpoint quantum Spark 1575r
Checkpoint quantum Spark 1590
Checkpoint quantum Spark 1595r
Checkpoint quantum Spark 1600
Checkpoint quantum Spark 1800
Checkpoint quantum Spark 1900
Checkpoint quantum Spark 2000
Checkpoint quantum Spark 2530
Checkpoint quantum Spark 2550
Checkpoint quantum Spark 2560
Checkpoint quantum Spark 2570
Checkpoint quantum Spark 2580
Checkpoint quantum Spark 2590

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Checkpoint
Checkpoint quantum Security Gateway
Checkpoint spark Firewalls
Vendors & Products Checkpoint
Checkpoint quantum Security Gateway
Checkpoint spark Firewalls

Mon, 08 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 20:00:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-06-08T00:00:00+00:00', 'dueDate': '2026-06-11T00:00:00+00:00'}

Mon, 08 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 9.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Title User Authentication Bypass in VPN Remote Access and Mobile Access
Weaknesses CWE-287
References

Subscriptions

Checkpoint Gaia Embedded Gaia Os Quantum Security Gateway Quantum Spark 1530 Quantum Spark 1535 Quantum Spark 1550 Quantum Spark 1555 Quantum Spark 1570 Quantum Spark 1570r Quantum Spark 1575 Quantum Spark 1575r Quantum Spark 1590 Quantum Spark 1595r Quantum Spark 1600 Quantum Spark 1800 Quantum Spark 1900 Quantum Spark 2000 Quantum Spark 2530 Quantum Spark 2550 Quantum Spark 2560 Quantum Spark 2570 Quantum Spark 2580 Quantum Spark 2590 Spark Firewalls
cve-icon MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-10T13:37:27.725Z

Reserved: 2026-06-07T09:42:08.251Z

Link: CVE-2026-50751

cve-icon Vulnrichment

Updated: 2026-06-08T16:01:50.476Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-08T12:16:32.367

Modified: 2026-06-09T18:30:55.230

Link: CVE-2026-50751

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T13:15:15Z

Weaknesses